Closed laxect closed 2 years ago
Crate: hyper Version: 0.14.7 Title: Lenient `hyper` header parsing of `Content-Length` could allow request smuggling Date: 2021-07-07 ID: RUSTSEC-2021-0078 URL: https://rustsec.org/advisories/RUSTSEC-2021-0078 Solution: Upgrade to >=0.14.10 Dependency tree: hyper 0.14.7 ├── hyper-tls 0.5.0 │ └── dantalian 0.3.3 └── dantalian 0.3.3 Crate: hyper Version: 0.14.7 Title: Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss Date: 2021-07-07 ID: RUSTSEC-2021-0079 URL: https://rustsec.org/advisories/RUSTSEC-2021-0079 Solution: Upgrade to >=0.14.10 Crate: tokio Version: 1.5.0 Title: Task dropped in wrong thread when aborting `LocalSet` task Date: 2021-07-07 ID: RUSTSEC-2021-0072 URL: https://rustsec.org/advisories/RUSTSEC-2021-0072 Solution: Upgrade to >=1.5.1, <1.6.0 OR >=1.6.3, <1.7.0 OR >=1.7.2, <1.8.0 OR >=1.8.1 Dependency tree: tokio 1.5.0 ├── tokio-util 0.6.6 │ └── h2 0.3.3 │ └── hyper 0.14.7 │ ├── hyper-tls 0.5.0 │ │ └── dantalian 0.3.3 │ └── dantalian 0.3.3 ├── tokio-native-tls 0.3.0 │ └── hyper-tls 0.5.0 ├── hyper-tls 0.5.0 ├── hyper 0.14.7 ├── h2 0.3.3 └── dantalian 0.3.3 error: 3 vulnerabilities found!