This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate actix-multipart

Dependencies

(9 total, 2 insecure)

Crate          Required        Latest    Status
actix-utils    ^3.0.0-beta.2   3.0.0     insecure
actix-web      ^4.0.0-beta.2   3.3.2     insecure
bytes          ^1              1.0.1     up to date
derive_more    ^0.99.5         0.99.13   up to date
futures-util   ^0.3.7          0.3.14    up to date
httparse       ^1.3            1.4.0     up to date
log            ^0.4            0.4.14    up to date
mime           ^0.3            0.3.16    up to date
twoway         ^0.2            0.2.1     up to date

Security Vulnerabilities

actix-web: Multiple memory safety issues

RUSTSEC-2018-0019

Affected versions contain multiple memory safety issues, such as:

  • Unsoundly coercing immutable references to mutable references
  • Unsoundly extending lifetimes of strings
  • Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A significant refactoring effort has been conducted to resolve these issues.

actix-utils: bespoke Cell implementation allows obtaining several mutable references to the same data

RUSTSEC-2020-0045

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data.

This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free.

The flaw was corrected by switching from a bespoke Cell<T> implementation to Rc<RefCell<T>>.