This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-ratelimit

Dependencies

(10 total, 6 outdated, 1 possibly insecure)

Crate            Required   Latest    Status
actix            ^0.10      0.13.5    out of date
actix-http ⚠️    ^2.2.0     3.10.0    out of date
actix-web        ^3.3.2     4.10.2    out of date
backoff          ^0.2.1     0.4.0     out of date
dashmap          ^4.0.1     6.1.0     out of date
failure          ^0.1.8     0.1.8     up to date
futures          ^0.3.8     0.3.31    up to date
log              ^0.4.11    0.4.27    up to date
r2d2-memcache    ^0.6       0.6.0     up to date
redis            ^0.15.1    0.30.0    out of date

Dev dependencies

(3 total, 2 outdated)

Crate            Required   Latest    Status
actix-rt         ^1.1.1     2.10.0    out of date
env_logger       ^0.8.2     0.11.8    out of date
version-sync     ^0.9.1     0.9.5     up to date

Security Vulnerabilities

actix-http: Potential request smuggling capabilities due to lack of input validation

RUSTSEC-2021-0081

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling (HRS) attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also vulnerable.

Popular front-end proxies and load balancers already mitigate HRS attacks, so it is recommended that they are also kept up to date; check your specific setup. You should upgrade even if the front-end proxy receives exclusively HTTP/2 traffic and connects to the back-end using HTTP/1; several downgrade attacks are known that can also expose HRS vulnerabilities.