This project contains known security vulnerabilities. Find detailed information at the bottom.
dtn7(33 total, 16 outdated, 1 insecure, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| actix | ^0.9.0 | 0.13.3 | out of date |
| actix-rt | ^1.0.0 | 2.9.0 | out of date |
| actix-web | ^2.0.0 | 4.5.1 | out of date |
| actix-web-actors | ^2.0.0 | 4.3.0 | out of date |
| anyhow | ^1.0.27 | 1.0.82 | up to date |
| async-trait | ^0.1.26 | 0.1.80 | up to date |
| attohttpc | ^0.12 | 0.28.0 | out of date |
| bp7 | ^0.6.1 | 0.10.6 | out of date |
| bytes | ^0.5.4 | 1.6.0 | out of date |
| clap | ^2.33.0 | 4.5.4 | out of date |
| config | ^0.10.1 | 0.14.0 | out of date |
| crossbeam | ^0.7 | 0.8.4 | out of date |
| futures | ^0.3.4 | 0.3.30 | up to date |
| futures-util | ^0.3.4 | 0.3.30 | up to date |
| humansize | ^1.1.0 | 2.1.3 | out of date |
| humantime | ^2.0.0 | 2.1.0 | up to date |
| lazy_static | ^1.4.0 | 1.4.0 | up to date |
| log | ^0.4 | 0.4.21 | up to date |
| net2 | ^0.2 | 0.2.39 | up to date |
| parking_lot | ^0.10 | 0.12.2 | out of date |
| pretty_env_logger | ^0.4.0 | 0.5.0 | out of date |
| rand | ^0.7 | 0.8.5 | out of date |
| serde | ^1.0 | 1.0.198 | up to date |
| serde_bytes | ^0.11 | 0.11.14 | up to date |
| serde_cbor | ^0.11 | 0.11.2 | up to date |
| serde_json | ^1.0 | 1.0.116 | up to date |
| tempfile | ^3.1.0 | 3.10.1 | up to date |
| thiserror | ^1.0.13 | 1.0.59 | up to date |
| tinytemplate | ^1.0.3 | 1.2.1 | up to date |
| tokio ⚠️ | ^0.2.13 | 1.37.0 | out of date |
| tokio-util | ^0.3.1 | 0.7.10 | out of date |
| url | ^2.1 | 2.5.0 | up to date |
| ws ⚠️ | ^0.9.1 | 0.9.2 | insecure |
ws: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memoryAffected versions of this crate did not properly check and cap the growth of the outgoing buffer.
This allows a remote attacker to take down the process by growing the buffer of their (single) connection until the process runs out of memory it can allocate and is killed.
The flaw was corrected in the parity-ws fork (>=0.10.0) by disconnecting a client when the buffer runs full.
tokio: Data race when sending and receiving after closing a `oneshot` channelIf a tokio::sync::oneshot channel is closed (via the
oneshot::Receiver::close method), a data race may occur if the
oneshot::Sender::send method is called while the corresponding
oneshot::Receiver is awaited or calling try_recv.
When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.
Note that the race only occurs when both halves of the channel are used
after the Receiver half has called close. Code where close is not used, or where the
Receiver is not awaited and try_recv is not called after calling close,
is not affected.
See tokio#4225 for more details.