Rust · Cargo · CVE-2023-38497
**Name of the Vulnerable Software and Affected Versions**
Cargo versions prior to 0.72.2
Rust versions prior to 1.71.1
**Description**
The issue affects Cargo, the package manager for the Rust programming language, which ignores the umask when extracting crate archives on UNIX-like systems. If a downloaded crate contains files that are writable by any local user, they are extracted with those permissions intact, so another local user could modify the extracted source code that the current user then compiles and executes. This could allow an attacker to execute arbitrary code as the current user.
**Recommendations**
For Cargo versions prior to 0.72.2, update to version 0.72.2 or later to resolve the issue.
For Rust versions prior to 1.71.1, update to version 1.71.1 or later to resolve the issue.
As a temporary workaround, configure the system to prevent other local users from accessing the Cargo directory, usually located in ~/.cargo.
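The following added example (not Cargo's own code) shows the two halves of the issue from a defender's side: the umask-respecting mode computation a fixed extractor applies, and an audit that walks a directory tree such as ~/.cargo (read from CARGO_HOME if set, an assumption of this example) and reports every entry that is writable by other local users.

```rust
// Added example, not part of the advisory or of Cargo: audit a tree for
// other-writable entries and compute the umask-masked mode an extractor should use.
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Mode a file should receive when the archive header asks for `archive_mode`
/// and the process umask is `umask`: the umask bits are cleared, as the kernel
/// does on create(2). Applying `archive_mode` unmasked is what leaves files
/// world-writable.
pub fn masked_mode(archive_mode: u32, umask: u32) -> u32 {
    archive_mode & 0o7777 & !umask
}

/// True if the "other" write bit (o+w) is set in `mode`.
pub fn is_world_writable(mode: u32) -> bool {
    mode & 0o002 != 0
}

/// Walk `root` and collect every file or directory whose mode has o+w set.
/// Symlinks are reported by their own mode and never followed.
pub fn find_world_writable(root: &Path) -> io::Result<Vec<PathBuf>> {
    let mut hits = Vec::new();
    let mut stack = vec![root.to_path_buf()];
    while let Some(dir) = stack.pop() {
        for entry in fs::read_dir(&dir)? {
            let entry = entry?;
            let meta = fs::symlink_metadata(entry.path())?;
            if meta.file_type().is_symlink() {
                continue;
            }
            if is_world_writable(meta.permissions().mode()) {
                hits.push(entry.path());
            }
            if meta.is_dir() {
                stack.push(entry.path());
            }
        }
    }
    hits.sort();
    Ok(hits)
}

fn main() -> io::Result<()> {
    // Assumption: audit CARGO_HOME if set, otherwise the default ~/.cargo.
    let home = std::env::var("CARGO_HOME").ok().map(PathBuf::from)
        .unwrap_or_else(|| PathBuf::from(std::env::var("HOME").unwrap_or_default()).join(".cargo"));
    for p in find_world_writable(&home)? { println!("world-writable: {}", p.display()); }
    Ok(())
}
```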