🦀 crates.io

GHSA-j57r-4qw6-58r3

rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency

Published: Nov 7, 2023
Updated: Nov 7, 2023
Affected: 1 pkg
Patched: 1 / 1
Exploits: None indexed

Blast Radius

1 pkg affected
🦀rusty-paseto


Description

Impact

The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe API for serializing and deserializing 64-byte keypairs that include both private and public keys, creating potential for certain attacks. ed25519-dalek users utilizing these serialization and deserialization functions directly could potentially be impacted.

Patches

The vulnerability within the ed25519-dalek crate has been addressed in version 2.0. rusty-paseto has addressed it in release v0.6.0.

Workarounds

Users are recommended to upgrade to v0.6.0 of rusty-paseto. However, users should still ensure that their key serialization and deserialization practices are secure and avoid any practices that could lead to key exposure.

References

More information about RUSTSEC-2022-0093 can be found in the RustSec Advisory Database. Updates and details regarding the upcoming release of rusty-paseto will be documented in the project's releases and changelog. This issue was first reported by Dependabot on 2023-08-15. The source was reviewed by @rrrodzilla at that time and a determination was made that the vulnerability posed low harm to existing users due to the strongly typed nature of keys provided by the rusty-paseto API. @techport-om discovered the vulnerability during a cargo-audit run on 2023-11-05, reported it to the repository, and opened issue 28. This advisory was created at that time to notify existing users.

Affected Packages

1 total, 1 fixed

| Ecosystem | Package | Vulnerable range | Fix |
| --- | --- | --- | --- |
| 🦀 crates.io | rusty-paseto | all versions | 0.6.0 |

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for rusty-paseto. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update rusty-paseto to 0.6.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-j57r-4qw6-58r3 is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-j57r-4qw6-58r3 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-j57r-4qw6-58r3. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
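
A Cargo.lock check for the Detect and Fix steps above, written for this page as an added example (it is not code from the advisory, the rusty-paseto project or O3). It flags any resolved rusty-paseto below 0.6.0 and any ed25519-dalek below 2.0, including a copy that another dependency still pulls in. The function names, the constructed sample lockfile and the treatment of pre-releases as unfixed are assumptions.

```rust
// Added example: list Cargo.lock entries that resolve below the fixed versions
// named in the advisory (rusty-paseto 0.6.0, ed25519-dalek 2.0).
const FIXED: [(&str, (u64, u64, u64)); 2] =
    [("rusty_paseto", (0, 6, 0)), ("ed25519_dalek", (2, 0, 0))];

// Constructed sample lockfile; in practice pass the contents of your own Cargo.lock.
const SAMPLE_LOCK: &str = "version = 3\n\
    [[package]]\nname = \"rusty_paseto\"\nversion = \"0.6.0\"\n\
    [[package]]\nname = \"ed25519-dalek\"\nversion = \"1.0.1\"\n";

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into a numeric triple and a pre-release flag.
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let core = v.split('+').next()?;
    let (nums, pre) = core.split_once('-').map_or((core, false), |(n, _)| (n, true));
    let mut it = nums.split('.').map(|p| p.parse::<u64>().ok());
    Some(((it.next()??, it.next()??, it.next()??), pre))
}

/// Return the quoted value of a `key = "value"` lockfile line, if the line has that key.
fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// True when `name` is one of the advisory's crates and `version` is below its fix.
fn below_fix(name: &str, version: &str) -> bool {
    let norm = name.replace('-', "_"); // the page writes both rusty_paseto and rusty-paseto
    // Assumption: a pre-release of the fixed version sorts below it, as in semver.
    parse_version(version).map_or(false, |(ver, pre)| {
        FIXED.iter().any(|(n, fix)| norm == *n && (ver < *fix || (ver == *fix && pre)))
    })
}

/// Return "name version" for every [[package]] entry below its fixed version.
fn vulnerable_packages(lock: &str) -> Vec<String> {
    let (mut hits, mut name) = (Vec::new(), "");
    for line in lock.lines() {
        if let Some(n) = quoted(line, "name") {
            name = n;
        } else if let Some(v) = quoted(line, "version").filter(|v| below_fix(name, v)) {
            hits.push(format!("{} {}", name, v));
        }
    }
    hits
}

fn main() {
    vulnerable_packages(SAMPLE_LOCK).iter().for_each(|h| println!("below fixed version: {}", h));
}
```

The sample shows the transitive case: rusty_paseto is already at 0.6.0, yet an ed25519-dalek 1.x entry is still resolved in the same lockfile.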
