This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate compu

Dependencies

(2 total, 2 outdated, 1 possibly insecure)

Crate                    Required  Latest  Status
cloudflare-zlib-sys      ^0.2      0.3.3   out of date
compu-brotli-sys ⚠️      ^0.1      1.0.10  out of date

Security Vulnerabilities

compu-brotli-sys: Integer overflow in the bundled Brotli C library

RUSTSEC-2021-0132

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.

If one cannot update the C library, its authors recommend using the "streaming" API instead of the "one-shot" API, and imposing chunk size limits.