This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-http

Dependencies

(32 total, 3 outdated, 1 possibly insecure)

Crate               Required    Latest     Status
actix-codec         ^0.5        0.5.2      up to date
actix-rt            ^2.2        2.9.0      up to date
actix-service       ^2          2.0.2      up to date
actix-tls           ^3.1        3.3.0      up to date
actix-utils         ^3          3.0.1      up to date
ahash               ^0.8        0.8.10     up to date
base64              ^0.21       0.21.7     up to date
bitflags            ^2          2.4.2      up to date
brotli              ^3.3.3      3.4.0      up to date
bytes               ^1          1.5.0      up to date
bytestring          ^1          1.3.1      up to date
derive_more         ^0.99.5     0.99.17    up to date
encoding_rs         ^0.8        0.8.33     up to date
flate2              ^1.0.13     1.0.28     up to date
futures-core        ^0.3.17     0.3.30     up to date
h2 ⚠️               ^0.3.17     0.4.2      out of date
http                ^0.2.7      1.0.0      out of date
httparse            ^1.5.1      1.8.0      up to date
httpdate            ^1.0.1      1.0.3      up to date
itoa                ^1          1.0.10     up to date
language-tags       ^0.3        0.3.2      up to date
local-channel       ^0.1        0.1.5      up to date
mime                ^0.3.4      0.3.17     up to date
percent-encoding    ^2.1        2.3.1      up to date
pin-project-lite    ^0.2        0.2.13     up to date
rand                ^0.8        0.8.5      up to date
sha1                ^0.10       0.10.6     up to date
smallvec            ^1.6.1      1.13.1     up to date
tokio               ^1.24.2     1.36.0     up to date
tokio-util          ^0.7        0.7.10     up to date
tracing             ^0.1.30     0.1.40     up to date
zstd                ^0.12       0.13.0     out of date

Security Vulnerabilities

h2: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

RUSTSEC-2024-0003

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out Of Memory (OOM) and high CPU usage.

This flaw is corrected in hyperium/h2#737, which limits the total number of internal error resets emitted by default before the connection is closed.