Closed figsoda closed 1 year ago
related: #200
before
```
Crate:     h2
Version:   0.3.15
Title:     Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Date:      2023-04-14
ID:        RUSTSEC-2023-0034
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0034
Solution:  Upgrade to >=0.3.17
Dependency tree:
h2 0.3.15
└── hyper 0.14.23
    ├── nix-index 0.1.7
    ├── hyper-tls 0.5.0
    │   └── hyper-proxy 0.9.1
    │       └── nix-index 0.1.7
    └── hyper-proxy 0.9.1

Crate:     openssl
Version:   0.10.45
Title:     `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
Date:      2023-03-24
ID:        RUSTSEC-2023-0023
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0023
Solution:  Upgrade to >=0.10.48
Dependency tree:
openssl 0.10.45
└── native-tls 0.2.11
    ├── tokio-native-tls 0.3.0
    │   ├── hyper-tls 0.5.0
    │   │   └── hyper-proxy 0.9.1
    │   │       └── nix-index 0.1.7
    │   └── hyper-proxy 0.9.1
    ├── hyper-tls 0.5.0
    └── hyper-proxy 0.9.1

Crate:     openssl
Version:   0.10.45
Title:     `openssl` `X509NameBuilder::build` returned object is not thread safe
Date:      2023-03-24
ID:        RUSTSEC-2023-0022
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0022
Solution:  Upgrade to >=0.10.48

Crate:     openssl
Version:   0.10.45
Title:     `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Date:      2023-03-24
ID:        RUSTSEC-2023-0024
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0024
Solution:  Upgrade to >=0.10.48

Crate:     remove_dir_all
Version:   0.5.3
Title:     Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
Date:      2023-02-24
ID:        RUSTSEC-2023-0018
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0018
Solution:  Upgrade to >=0.8.0
Dependency tree:
remove_dir_all 0.5.3
└── tempfile 3.3.0
    └── native-tls 0.2.11
        ├── tokio-native-tls 0.3.0
        │   ├── hyper-tls 0.5.0
        │   │   └── hyper-proxy 0.9.1
        │   │       └── nix-index 0.1.7
        │   └── hyper-proxy 0.9.1
        ├── hyper-tls 0.5.0
        └── hyper-proxy 0.9.1

Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
├── nix-index 0.1.7
└── grep-cli 0.1.7
    └── grep 0.2.11
        └── nix-index 0.1.7

Crate:     tokio
Version:   1.24.1
Warning:   unsound
Title:     `tokio::io::ReadHalf<T>::unsplit` is Unsound
Date:      2023-01-11
ID:        RUSTSEC-2023-0005
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0005
Dependency tree:
tokio 1.24.1
├── tokio-util 0.7.4
│   └── h2 0.3.15
│       └── hyper 0.14.23
│           ├── nix-index 0.1.7
│           ├── hyper-tls 0.5.0
│           │   └── hyper-proxy 0.9.1
│           │       └── nix-index 0.1.7
│           └── hyper-proxy 0.9.1
├── tokio-stream 0.1.11
│   └── nix-index 0.1.7
├── tokio-retry 0.3.0
│   └── nix-index 0.1.7
├── tokio-native-tls 0.3.0
│   ├── hyper-tls 0.5.0
│   └── hyper-proxy 0.9.1
├── nix-index 0.1.7
├── hyper-tls 0.5.0
├── hyper-proxy 0.9.1
├── hyper 0.14.23
└── h2 0.3.15

Crate:     crossbeam-channel
Version:   0.5.6
Warning:   yanked
Dependency tree:
crossbeam-channel 0.5.6
└── rayon-core 1.10.1
    └── rayon 1.6.1
        └── nix-index 0.1.7

error: 5 vulnerabilities found!
warning: 3 allowed warnings found
```
after
```
Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
├── supports-color 1.3.1
│   └── owo-colors 3.5.0
│       └── nix-index 0.1.7
├── nix-index 0.1.7
└── grep-cli 0.1.7
    └── grep 0.2.12
        └── nix-index 0.1.7

warning: 1 allowed warning found
```