Affected script: "install-scripts:postinstall"
The code downloads and executes scripts from the internet. The specific line is following:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
This gives the ability to an attacker to execute arbitrary code if they gain the ability to modify or intercept the downloaded scripts, which can occur through DNS hijacking or a Man-In-The-Middle attack.
The use of "exec" command to run terminal command also presents a potential security vulnerability. This can lead to command injection if user-supplied input gets incorporated into the command.
Therefore, this script may pose potential security risks especially when executed in an environment that an attacker can influence.
wasm-grate
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|