Affected versions of the OpenSSL crate used structures after they'd been freed.
This project contains known security vulnerabilities. Find detailed information at the bottom.
async-tungstenite(15 total, 8 outdated, 2 insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| async-std | ^1.0 | 1.9.0 | up to date |
| futures-io | ^0.3 | 0.3.13 | up to date |
| futures-util | ^0.3 | 0.3.13 | insecure |
| gio | ^0.8 | 0.9.1 | out of date |
| glib | ^0.9 | 0.10.3 | out of date |
| log | ^0.4 | 0.4.14 | up to date |
| openssl | ^0.10 | 0.10.32 | insecure |
| pin-project | ^0.4 | 1.0.5 | out of date |
| async-native-tls | ^0.3.0 | 0.3.3 | up to date |
| async-tls | ^0.7 | 0.11.0 | out of date |
| native-tls | ^0.2 | 0.2.7 | up to date |
| tokio-native-tls | ^0.1 | 0.3.0 | out of date |
| tokio-openssl | ^0.4 | 0.6.1 | out of date |
| tokio | ^0.2 | 1.2.0 | out of date |
| tungstenite | ^0.11.0 | 0.13.0 | out of date |
(4 total, 1 outdated)
| Crate | Required | Latest | Status |
|---|---|---|---|
| async-std | ^1.0 | 1.9.0 | up to date |
| env_logger | ^0.7 | 0.8.3 | out of date |
| futures | ^0.3 | 0.3.13 | up to date |
| url | ^2.0.0 | 2.2.1 | up to date |
openssl: Use after free in CMS SigningAffected versions of the OpenSSL crate used structures after they'd been freed.
futures-util: MutexGuard::map can cause a data race in safe codeAffected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U.
This could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T.
The issue was fixed by fixing Send and Sync implementations, and by adding a PhantomData<&'a mut U> marker to the MappedMutexGuard type to tell the compiler that the guard is over
U too.