Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
21 Jul 2022
20 Jul 2022
Alex Crichton, Nick Fitzgerald, Jamey Sharp
How to fix?
cranelift-codegen to version 0.85.2 or higher.
cranelift-codegen is a translates code from an intermediate representation into executable machine code.
Affected versions of this package are vulnerable to Use After Free in the runtime garbage collector. When a host passes non-null
externrefs to WebAssembly, garbage collection is triggered, while active Wasm frames remain on the stack. Live references from these frames can be reclaimed and reallocated.
Note: This vulnerability can be worked around by passing