This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-http

Dependencies

(32 total, 1 outdated, 1 possibly insecure)

Crate             Required  Latest   Status
actix-codec       ^0.5      0.5.1    up to date
actix-rt          ^2.2      2.9.0    up to date
actix-service     ^2        2.0.2    up to date
actix-tls         ^3        3.1.1    up to date
actix-utils       ^3        3.0.1    up to date
ahash             ^0.8      0.8.3    up to date
base64            ^0.21     0.21.4   up to date
bitflags          ^1.2      2.4.0    out of date
brotli            ^3.3.3    3.3.4    up to date
bytes             ^1        1.5.0    up to date
bytestring        ^1        1.3.0    up to date
derive_more       ^0.99.5   0.99.17  up to date
encoding_rs       ^0.8      0.8.33   up to date
flate2            ^1.0.13   1.0.27   up to date
futures-core      ^0.3.17   0.3.28   up to date
h2 ⚠️             ^0.3.9    0.3.21   maybe insecure
http              ^0.2.7    0.2.9    up to date
httparse          ^1.5.1    1.8.0    up to date
httpdate          ^1.0.1    1.0.3    up to date
itoa              ^1        1.0.9    up to date
language-tags     ^0.3      0.3.2    up to date
local-channel     ^0.1      0.1.4    up to date
mime              ^0.3      0.3.17   up to date
percent-encoding  ^2.1      2.3.0    up to date
pin-project-lite  ^0.2      0.2.13   up to date
rand              ^0.8      0.8.5    up to date
sha1              ^0.10     0.10.5   up to date
smallvec          ^1.6.1    1.11.1   up to date
tokio             ^1.24.2   1.32.0   up to date
tokio-util        ^0.7      0.7.9    up to date
tracing           ^0.1.30   0.1.37   up to date
zstd              ^0.12     0.12.4   up to date

Security Vulnerabilities

h2: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

RUSTSEC-2023-0034

If an attacker is able to flood the network with pairs of HEADERS/RST_STREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use, and eventually trigger Out Of Memory.

This flaw is corrected in hyperium/h2#668, which restricts remote reset stream count by default.