Affected script: "install-scripts:postinstall"
The script downloads an installation script from a URL (https://sh.rustup.rs) and executes it immediately without any checks for integrity or source validation. This could potentially enable remote command execution if the referenced URL is compromised. Furthermore, the script allows to execute shell commands using exec, which is a potential security vulnerability as it can allow arbitrary command execution.
wasm-grate
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|