This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-http

Dependencies

(30 total, 6 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| actix-codec | ^0.5 | 0.5.2 | up to date |
| actix-rt | ^2.2 | 2.9.0 | up to date |
| actix-service | ^2 | 2.0.2 | up to date |
| actix-tls | ^3 | 3.3.0 | up to date |
| actix-utils | ^3 | 3.0.1 | up to date |
| ahash | ^0.7 | 0.8.11 | out of date |
| base64 | ^0.13 | 0.22.0 | out of date |
| bitflags | ^1.2 | 2.5.0 | out of date |
| brotli | ^3.3.3 | 3.5.0 | up to date |
| bytes | ^1 | 1.6.0 | up to date |
| bytestring | ^1 | 1.3.1 | up to date |
| derive_more | ^0.99.5 | 0.99.17 | up to date |
| encoding_rs | ^0.8 | 0.8.33 | up to date |
| flate2 | ^1.0.13 | 1.0.28 | up to date |
| futures-core | ^0.3.7 | 0.3.30 | up to date |
| h2 ⚠️ | ^0.3.9 | 0.4.3 | out of date |
| http | ^0.2.5 | 1.1.0 | out of date |
| httparse | ^1.5.1 | 1.8.0 | up to date |
| httpdate | ^1.0.1 | 1.0.3 | up to date |
| itoa | ^1 | 1.0.11 | up to date |
| language-tags | ^0.3 | 0.3.2 | up to date |
| local-channel | ^0.1 | 0.1.5 | up to date |
| mime | ^0.3 | 0.3.17 | up to date |
| percent-encoding | ^2.1 | 2.3.1 | up to date |
| pin-project-lite | ^0.2 | 0.2.13 | up to date |
| rand | ^0.8 | 0.8.5 | up to date |
| sha1 | ^0.10 | 0.10.6 | up to date |
| smallvec | ^1.6.1 | 1.13.2 | up to date |
| tracing | ^0.1.30 | 0.1.40 | up to date |
| zstd | ^0.11 | 0.13.1 | out of date |

Security Vulnerabilities

h2: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

RUSTSEC-2024-0003

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out Of Memory (OOM) and high CPU usage.

This flaw is corrected in hyperium/h2#737, which limits the total number of internal error resets emitted by default before the connection is closed.