Deps.rs

actix-web-actors 3.0.0

[![dependency status](https://deps.rs/crate/actix-web-actors/3.0.0/status.svg)](https://deps.rs/crate/actix-web-actors/3.0.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-web-actors

Dependencies

(8 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix^0.10.00.13.3out of date
 actix-codec^0.3.00.5.2out of date
 actix-http ⚠️^2.0.03.6.0out of date
 actix-web^3.0.04.5.1out of date
 bytes^0.5.21.6.0out of date
 futures-channel^0.3.50.3.30up to date
 futures-core^0.3.50.3.30up to date
 pin-project^0.4.171.1.5out of date

Security Vulnerabilities

actix-http: Potential request smuggling capabilities due to lack of input validation

RUSTSEC-2021-0081

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling (HRS) attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also vulnerable.

Popular front-end proxies and load balancers already mitigate HRS attacks so it is recommended that they are also kept up to date; check your specific set up. You should upgrade even if the front-end proxy receives exclusively HTTP/2 traffic and connects to the back-end using HTTP/1; several downgrade attacks are known that can also expose HRS vulnerabilities.