MEDIUM 5.5
PYSEC-2024-327
Details
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / wasmtime
Introduced in:
0 No fixed version published yet for wasmtime (pip). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5 [ADVISORY]
- https://github.com/bytecodealliance/wasmtime/issues/8281 [REPORT]
- https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664 [FIX]
- https://github.com/bytecodealliance/wasmtime/pull/8018 [FIX]
- https://github.com/bytecodealliance/wasmtime/pull/8283 [FIX]