Open kernelzeroday opened 2 years ago
issue: 1 warn and 1 vuln, looks like cpu dos
command output:
```text
(ins)kod@m1:~/code/DIP20/rust$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 417 security advisories (from /Users/kod/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (164 crate dependencies)
Crate:         regex
Version:       1.5.4
Title:         Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:          2022-03-08
ID:            RUSTSEC-2022-0013
URL:           https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:      Upgrade to >=1.5.5
Dependency tree:
regex 1.5.4
├── lalrpop-util 0.19.7
│   ├── lalrpop 0.19.7
│   │   └── candid 0.7.11
│   │       ├── token 0.1.0
│   │       ├── ic-cdk-macros 0.3.3
│   │       │   ├── token 0.1.0
│   │       │   └── ic-kit 0.4.3
│   │       │       ├── token 0.1.0
│   │       │       ├── cap-sdk-core 0.1.0-alpha1
│   │       │       │   └── cap-sdk 0.1.0-alpha1
│   │       │       │       ├── token 0.1.0
│   │       │       │       └── cap-standards 0.1.0-alpha1
│   │       │       │           └── token 0.1.0
│   │       │       ├── cap-sdk 0.1.0-alpha1
│   │       │       └── cap-common 0.1.0
│   │       │           └── cap-sdk-core 0.1.0-alpha1
│   │       ├── ic-cdk 0.3.3
│   │       │   ├── token 0.1.0
│   │       │   ├── ic-kit 0.4.3
│   │       │   ├── ic-cdk-macros 0.3.3
│   │       │   ├── cap-standards 0.1.0-alpha1
│   │       │   ├── cap-sdk-core 0.1.0-alpha1
│   │       │   ├── cap-sdk 0.1.0-alpha1
│   │       │   └── cap-common 0.1.0
│   │       └── cap-standards 0.1.0-alpha1
│   └── candid 0.7.11
└── lalrpop 0.19.7

Crate:         serde_cbor
Version:       0.11.2
Warning:       unmaintained
Title:         serde_cbor is unmaintained
Date:          2021-08-15
ID:            RUSTSEC-2021-0127
URL:           https://rustsec.org/advisories/RUSTSEC-2021-0127
Dependency tree:
serde_cbor 0.11.2
└── cap-common 0.1.0
    └── cap-sdk-core 0.1.0-alpha1
        └── cap-sdk 0.1.0-alpha1
            ├── token 0.1.0
            └── cap-standards 0.1.0-alpha1
                └── token 0.1.0

error: 1 vulnerability found!
warning: 1 allowed warning found
```
suggested action:
cargo update
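A check to run after the suggested `cargo update`, added here as an example and not part of the issue or the DIP20 project. `cargo update` re-resolves every dependency to the newest semver-compatible release, so regex 1.5.4 can move to 1.5.5 or later and clear RUSTSEC-2022-0013; the unmaintained serde_cbor warning has no patched version and will remain. The script below reads a Cargo.lock (the excerpt embedded in it is constructed for this example, not the repository's real lockfile), extracts the pinned version of a crate and compares it against the advisory's "Upgrade to" threshold, so the fix can be verified in CI without re-running `cargo audit` against the network. The helper names `locked_version`, `version_ge` and `advisory_fixed` are this example's own.

```sh
#!/bin/sh
# Added example: confirm that Cargo.lock now pins a crate at or above the
# version named in a RustSec advisory. Not code from the issue or the project.
set -eu

# Constructed Cargo.lock excerpt (lockfile format v3) standing in for a real
# lockfile; pass the contents of your own Cargo.lock instead.
SAMPLE_LOCK='# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "regex"
version = "1.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "serde_cbor"
version = "0.11.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
'

# locked_version <lockfile-text> <crate>: print the version pinned for <crate>
# (first [[package]] entry with that name; prints nothing if absent).
locked_version() {
    printf '%s\n' "$1" | awk -v crate="$2" '
        /^\[\[package\]\]/ { name = ""; ver = "" }
        /^name = /         { gsub(/"/, "", $3); name = $3 }
        /^version = /      { gsub(/"/, "", $3); ver = $3
                             if (name == crate) { print ver; exit } }
    '
}

# version_ge <a> <b>: exit 0 when dotted version <a> >= <b>, comparing the
# numeric major.minor.patch components (pre-release suffixes are ignored).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# advisory_fixed <lockfile-text> <crate> <patched-version>: exit 0 when the
# locked version satisfies the advisory, 1 when it is missing or still below.
advisory_fixed() {
    v=$(locked_version "$1" "$2")
    if [ -z "$v" ]; then
        echo "$2: not present in lockfile"
        return 1
    fi
    if version_ge "$v" "$3"; then
        echo "$2 $v: fixed (>= $3)"
        return 0
    fi
    echo "$2 $v: still vulnerable, need >= $3 (run: cargo update -p $2)"
    return 1
}

# RUSTSEC-2022-0013: regex must be >= 1.5.5. Against the sample this reports
# the crate as still vulnerable, because the sample lockfile pins 1.5.4.
advisory_fixed "$SAMPLE_LOCK" regex 1.5.5 || true
```

In a real tree, feed it `"$(cat Cargo.lock)"` after `cargo update` and gate the pipeline on the exit status; if a crate is pinned twice at different versions (common when two dependency paths disagree), only the first entry is checked, so grep the lockfile for the name as well before trusting a green result.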