Crate: remove_dir_all
Version: 0.5.3
Title: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
Date: 2023-02-24
ID: RUSTSEC-2023-0018
URL: https://rustsec.org/advisories/RUSTSEC-2023-0018
Solution: Upgrade to >=0.8.0
Dependency tree:
remove_dir_all 0.5.3
└── tempdir 0.3.7
└── mmap 0.1.1
└── perfcnt 0.8.0
Note that mmap itself is unmaintained (https://github.com/rustsec/advisory-db/pull/1979) so the problem won't fix itself with the newer version of dependency. An alternative might be memmap2 crate but I am not 100% sure whether the API covers perfcnt needs.
Note that
mmap
itself is unmaintained (https://github.com/rustsec/advisory-db/pull/1979) so the problem won't fix itself with the newer version of dependency. An alternative might bememmap2
crate but I am not 100% sure whether the API covers perfcnt needs.