AlexanderThaller / prometheus_exporter

Helper library to export Prometheus metrics using tiny_http and rust-prometheus.
MIT License
28 stars 10 forks

cargo audit - RUSTSEC-2020-0031 in tiny_http #18

Closed lapawa closed 3 years ago

lapawa commented 3 years ago

Hello Alexander, I'm using cargo's audit tool to scan the dependencies in Cargo.lock with Rust's advisory database. It found a vulnerability in prometheus_exporter's dependency tiny_http. Can you please upgrade it to version 0.8 or greater to fix it?

cargo audit
    Fetching advisory database from https://github.com/RustSec/advisory-db.git
      Loaded 280 security advisories (from /home/zarq/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (92 crate dependencies)
Crate:         tiny_http
Version:       0.7.0
Title:         HTTP Request smuggling through malformed Transfer Encoding headers
Date:          2020-06-16
ID:            RUSTSEC-2020-0031
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0031
Solution:      Upgrade to >=0.8.0
Dependency tree:
tiny_http 0.7.0
└── prometheus_exporter 0.8.0

Best regards lapawa
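The scan above matches every crate resolved in Cargo.lock against the RustSec advisory database and, for each hit, prints the packages that pull the vulnerable crate in. The following is an added example, not code from prometheus_exporter or from cargo audit, that performs the same matching with only the Rust standard library: it parses the [[package]] tables of a constructed Cargo.lock fragment (not the project's real lock file), compares each version against an advisory's first patched version, and reports the direct dependents of any vulnerable crate, reproducing the tiny_http 0.7.0 finding and its dependency edge from prometheus_exporter 0.8.0. The version handling is plain major.minor.patch; pre-release tags are rejected rather than ordered.

```rust
use std::fmt;

/// Plain semver triple. Derived Ord compares major, then minor, then patch.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version {
    pub major: u64,
    pub minor: u64,
    pub patch: u64,
}

impl Version {
    /// Parse "MAJOR.MINOR.PATCH". Anything else (e.g. "0.8" or "0.8.0-rc1") yields None.
    pub fn parse(s: &str) -> Option<Version> {
        let mut parts = s.trim().split('.');
        let major = parts.next()?.parse().ok()?;
        let minor = parts.next()?.parse().ok()?;
        let patch = parts.next()?.parse().ok()?;
        if parts.next().is_some() {
            return None;
        }
        Some(Version { major, minor, patch })
    }
}

impl fmt::Display for Version {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}.{}.{}", self.major, self.minor, self.patch)
    }
}

/// One resolved package from Cargo.lock: name, version and the names it depends on.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Package {
    pub name: String,
    pub version: Version,
    pub dependencies: Vec<String>,
}

/// An advisory in the shape RustSec publishes it: the crate and the first patched version.
pub struct Advisory {
    pub id: &'static str,
    pub krate: &'static str,
    pub patched: Version,
}

/// A hit: the vulnerable package and every package in the lock file that depends on it.
#[derive(Debug, PartialEq, Eq)]
pub struct Finding {
    pub id: String,
    pub krate: String,
    pub version: Version,
    pub dependents: Vec<String>,
}

/// Minimal Cargo.lock parser: reads `name`, `version` and the multi-line
/// `dependencies = [ ... ]` list of each [[package]] table, ignoring other keys.
pub fn parse_lock(lock: &str) -> Vec<Package> {
    let mut packages = Vec::new();
    let mut current: Option<Package> = None;
    let mut in_deps = false;
    for raw in lock.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            if let Some(p) = current.take() {
                packages.push(p);
            }
            current = Some(Package { name: String::new(), version: Version { major: 0, minor: 0, patch: 0 }, dependencies: Vec::new() });
            in_deps = false;
            continue;
        }
        let pkg = match current.as_mut() {
            Some(p) => p,
            None => continue,
        };
        if in_deps {
            if line == "]" {
                in_deps = false;
            } else if let Some(name) = line.trim_matches(|c| c == '"' || c == ',').split_whitespace().next() {
                // Entries are `"name"` or, in older lock files, `"name 0.7.0 (source)"`.
                pkg.dependencies.push(name.to_string());
            }
        } else if let Some(v) = line.strip_prefix("name = ") {
            pkg.name = v.trim_matches('"').to_string();
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(ver) = Version::parse(v.trim_matches('"')) {
                pkg.version = ver;
            }
        } else if line.starts_with("dependencies = [") && !line.ends_with(']') {
            in_deps = true;
        }
    }
    if let Some(p) = current.take() {
        packages.push(p);
    }
    packages
}

/// Match resolved packages against advisories: a package is affected when its name
/// matches and its version is below the first patched version.
pub fn audit(packages: &[Package], advisories: &[Advisory]) -> Vec<Finding> {
    let mut findings = Vec::new();
    for adv in advisories {
        for pkg in packages.iter().filter(|p| p.name == adv.krate && p.version < adv.patched) {
            let dependents = packages
                .iter()
                .filter(|d| d.dependencies.iter().any(|n| n == &pkg.name))
                .map(|d| format!("{} {}", d.name, d.version))
                .collect();
            findings.push(Finding { id: adv.id.to_string(), krate: pkg.name.clone(), version: pkg.version, dependents });
        }
    }
    findings
}

/// The advisory from the issue, with the patched bound given in its "Solution" line.
pub fn rustsec_2020_0031() -> Advisory {
    Advisory { id: "RUSTSEC-2020-0031", krate: "tiny_http", patched: Version { major: 0, minor: 8, patch: 0 } }
}

/// Constructed sample lock file (not the project's real Cargo.lock); the `ascii`
/// entry is a stand-in for an unaffected crate.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "prometheus_exporter"
version = "0.8.0"
dependencies = [
 "tiny_http",
]

[[package]]
name = "ascii"
version = "1.0.0"

[[package]]
name = "tiny_http"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "ascii",
]
"#;

fn main() {
    let adv = rustsec_2020_0031();
    for f in audit(&parse_lock(SAMPLE_LOCK), &[adv]) {
        println!("{}: {} {} (solution: upgrade to >={})", f.id, f.krate, f.version, rustsec_2020_0031().patched);
        for d in &f.dependents {
            println!("  └── {}", d);
        }
    }
}
```

Replacing `version = "0.7.0"` with `0.8.0` in the sample makes the audit return nothing, which is the state the maintainer's follow-up release puts a downstream lock file in once it is regenerated.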

AlexanderThaller commented 3 years ago

I released a new version that uses tiny_http 0.8. Thank you for notifying!