This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-files

Dependencies

(14 total, 1 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| actix-http ⚠️ | ^3.0.0-beta.7 | 3.7.0 | maybe insecure |
| actix-service | ^2.0.0 | 2.0.2 | up to date |
| actix-utils | ^3.0.0 | 3.0.1 | up to date |
| actix-web | ^4.0.0-beta.7 | 4.6.0 | up to date |
| askama_escape | ^0.10 | 0.10.3 | up to date |
| bitflags | ^1 | 2.5.0 | out of date |
| bytes | ^1 | 1.6.0 | up to date |
| derive_more | ^0.99.5 | 0.99.17 | up to date |
| futures-core | ^0.3.7 | 0.3.30 | up to date |
| http-range | ^0.1.4 | 0.1.5 | up to date |
| log | ^0.4 | 0.4.21 | up to date |
| mime | ^0.3 | 0.3.17 | up to date |
| mime_guess | ^2.0.1 | 2.0.4 | up to date |
| percent-encoding | ^2.1 | 2.3.1 | up to date |

Security Vulnerabilities

actix-http: Potential request smuggling capabilities due to lack of input validation

RUSTSEC-2021-0081

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling (HRS) attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also vulnerable.

Popular front-end proxies and load balancers already mitigate HRS attacks, so it is recommended that they are also kept up to date; check your specific setup. You should upgrade even if the front-end proxy receives exclusively HTTP/2 traffic and connects to the back-end using HTTP/1; several downgrade attacks are known that can also expose HRS vulnerabilities.