This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-test

Dependencies

(17 total, 2 possibly insecure)

CrateRequiredLatestStatus
 actix-codec^0.50.5.2up to date
 actix-http^3.73.9.0up to date
 actix-http-test^33.2.0up to date
 actix-rt^2.12.10.0up to date
 actix-service^22.0.2up to date
 actix-utils^33.0.1up to date
 actix-web^4.64.9.0up to date
 awc^3.53.5.1up to date
 futures-core^0.3.170.3.31up to date
 futures-util^0.3.170.3.31up to date
 log^0.40.4.25up to date
 serde^11.0.217up to date
 serde_json^11.0.137up to date
 serde_urlencoded^0.70.7.1up to date
 openssl ⚠️^0.10.550.10.68maybe insecure
 rustls ⚠️^0.230.23.21maybe insecure
 tokio^1.24.21.43.0up to date

Security Vulnerabilities

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.