This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate aragog_cli

Dependencies

(12 total, 5 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 aragog^0.170.17.1up to date
 arangors_lite^0.20.2.0up to date
 chrono ⚠️^0.40.4.39maybe insecure
 clap^3.24.5.23out of date
 clap_complete^3.24.5.40out of date
 exitcode^1.11.1.2up to date
 log^0.40.4.22up to date
 prettytable-rs^0.80.10.0out of date
 serde^1.01.0.216up to date
 serde_json^1.01.0.134up to date
 serde_yaml ⚠️^0.80.9.34+deprecatedout of date
 thiserror^1.02.0.9out of date

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References