This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
check-if-email-exists(9 total, 4 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| futures | ^0.3 | 0.3.31 | up to date |
| lettre ⚠️ | ^0.9 | 0.11.17 | out of date |
| log | ^0.4 | 0.4.27 | up to date |
| mailchecker | ^3.3 | 6.0.17 | out of date |
| native-tls | ^0.2 | 0.2.14 | up to date |
| rand | ^0.7 | 0.9.1 | out of date |
| serde | ^1.0 | 1.0.219 | up to date |
| serde_json | ^1.0 | 1.0.140 | up to date |
| trust-dns-resolver | ^0.12.0 | 0.23.2 | out of date |
lettre: SMTP command injection in bodyAffected versions of lettre allowed SMTP command injection through an attacker's controlled message body. The module for escaping lines starting with a period wouldn't catch a period that was placed after a double CRLF sequence, allowing the attacker to end the current message and write arbitrary SMTP commands after it.
The flaw is fixed by correctly handling consecutive CRLF sequences.