Upgrade pyo3 to version 0.29.0 or higher.
pyo3 is a package that provides Rust bindings for Python. This includes running and interacting with Python code from a Rust binary, as well as writing native Python modules.
Affected versions of this package are vulnerable to Out-of-bounds Read in the nth and nth_back methods of iterators for lists and tuples due to unchecked arithmetic operations on indices. An attacker can access memory outside the intended bounds by supplying a sufficiently large value to these methods, potentially leading to reading previously yielded elements or arbitrary memory past the end of the storage.
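The class of bug described above, shown as an added example on a simplified cursor model (this is not pyo3's code; `Cursor`, `nth_unchecked`, `nth_checked` and `probe` are hypothetical names). It returns positions rather than reading memory, and shows how an unchecked index addition wraps back to an already yielded position while a checked addition ends iteration.

```rust
// Simplified model of a list iterator cursor; not pyo3's implementation.
struct Cursor {
    index: usize,  // next position to yield
    length: usize, // number of elements in the backing storage
}

impl Cursor {
    /// Unchecked variant: `wrapping_add` models what plain `+` does in a
    /// release build, where usize overflow wraps silently.
    fn nth_unchecked(&mut self, n: usize) -> Option<usize> {
        let target = self.index.wrapping_add(n);
        if target < self.length {
            self.index = target.wrapping_add(1);
            Some(target)
        } else {
            None
        }
    }

    /// Checked variant: an overflowing sum is treated as "past the end".
    fn nth_checked(&mut self, n: usize) -> Option<usize> {
        match self.index.checked_add(n) {
            Some(target) if target < self.length => {
                self.index = target + 1; // cannot overflow: target < length
                Some(target)
            }
            _ => {
                self.index = self.length; // iterator is exhausted
                None
            }
        }
    }
}

/// Yield position 1 first (cursor moves to 2), then call nth with `n`.
fn probe(n: usize, checked: bool) -> Option<usize> {
    let mut c = Cursor { index: 0, length: 4 };
    c.nth_checked(1);
    if checked { c.nth_checked(n) } else { c.nth_unchecked(n) }
}

fn main() {
    let huge = usize::MAX - 1; // constructed input: 2 + huge wraps to 0
    println!("unchecked: {:?}", probe(huge, false));
    println!("checked:   {:?}", probe(huge, true));
}
```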