daniel-e / captcha

CAPTCHA library written in Rust.
MIT License

Critical vulnerabilities #7

Closed alepez closed 4 years ago

alepez commented 4 years ago

The dependency image 0.13.0 has a critical vulnerability.

See RUSTSEC-2019-0014

error: Vulnerable crates found!

ID:       RUSTSEC-2019-0014
Crate:    image
Version:  0.13.0
Date:     2019-08-21
URL:      https://rustsec.org/advisories/RUSTSEC-2019-0014
Title:    Flaw in interface may drop uninitialized instance of arbitrary types
Solution:  upgrade to >= 0.21.3
Dependency tree:
image 0.13.0
└── captcha 0.0.7

Solution: update dependency.

This fork has already fixed the dependency: https://github.com/robatipoor/captcha/commit/8c8f9d256777cc532380ccf95e6afbf1dadee1a2
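The check reported above can also be run directly against a lockfile. The following is an added example, not part of the original issue or the captcha project's code: it scans `Cargo.lock` text for `image` entries below the 0.21.3 release named in the advisory output. The lockfile contents and the names `SAMPLE_LOCK`, `parse_version` and `vulnerable_versions` are constructed for illustration.

```rust
// Added example (not from the captcha repository). Std-only check of Cargo.lock
// text against the advisory's "upgrade to >= 0.21.3" line for the `image` crate.

// Constructed sample lockfile: one vulnerable and one patched `image` entry.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "image"
version = "0.13.0"

[[package]]
name = "image"
version = "0.21.3"
"#;

/// Parse "MAJOR.MINOR.PATCH". Build metadata is dropped; pre-release or
/// malformed versions return None so the caller can fail closed.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split('+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(triple) }
}

/// Every locked version of `name` below `patched`, plus any unparsable one.
fn vulnerable_versions(lock: &str, name: &str, patched: (u64, u64, u64)) -> Vec<String> {
    let mut hits = Vec::new();
    for block in lock.split("[[package]]").skip(1) {
        // Look up a `key = "value"` line inside this package block.
        let field = |key: &str| {
            block.lines().find_map(|l| {
                let (k, v) = l.split_once('=')?;
                (k.trim() == key).then(|| v.trim().trim_matches('"').to_string())
            })
        };
        if field("name").as_deref() != Some(name) { continue; }
        let version = field("version").unwrap_or_default();
        match parse_version(&version) {
            Some(v) if v >= patched => {} // at or above the fixed release
            _ => hits.push(version),      // too old, or unparsable: report it
        }
    }
    hits
}

fn main() {
    let hits = vulnerable_versions(SAMPLE_LOCK, "image", (0, 21, 3));
    for v in &hits { println!("image {} is below 0.21.3 (RUSTSEC-2019-0014)", v); }
    std::process::exit(if hits.is_empty() { 0 } else { 1 });
}
```

The non-zero exit status lets the check fail a CI job when a vulnerable entry is still locked.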

daniel-e commented 4 years ago

Thank you very much for your notice and making the patch available. I've already applied a pull request which fixes this issue.