This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate attohttpc

Dependencies

(11 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 encoding_rs^0.80.8.35up to date
 encoding_rs_io^0.10.1.7up to date
 flate2^1.01.1.2up to date
 http^0.21.3.1out of date
 log^0.40.4.27up to date
 native-tls^0.20.2.14up to date
 openssl ⚠️^0.10.260.10.73maybe insecure
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 serde_urlencoded^0.60.7.1out of date
 url^22.5.4up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.70.11.8out of date
 lazy_static^11.5.0up to date
 rouille^33.6.2up to date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.