search

TrueLayer / ginepro

A client-side gRPC channel implementation for tonic
Apache License 2.0
127 stars 24 forks source link

RUSTSEC-2021-0073: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic #18

Closed github-actions[bot] closed 3 years ago

github-actions[bot] commented 3 years ago

Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

Details
Package prost-types
Version 0.7.0
URL https://github.com/tokio-rs/prost/issues/438
Date 2021-07-08
Patched versions >=0.8.0

Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.

It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.

See #438 for more information.

See advisory page for additional details.