This project contains known security vulnerabilities. Find detailed information at the bottom.
hunter(19 total, 10 outdated, 1 insecure, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| alphanumeric-sort | ^1.0.6 | 1.5.3 | up to date |
| chrono ⚠️ | ^0.4 | 0.4.41 | maybe insecure |
| dirs-2 | ^1.1.0 | 3.0.1 | out of date |
| failure | ^0.1.5 | 0.1.8 | up to date |
| failure_derive | ^0.1.1 | 0.1.8 | up to date |
| lazy_static | ^0.2.11 | 1.5.0 | out of date |
| libc | ^0.2.51 | 0.2.174 | up to date |
| lscolors | ^0.5.0 | 0.20.0 | out of date |
| notify | ^4.0.9 | 8.1.0 | out of date |
| osstrtools | ^0.1.0 | 0.2.2 | out of date |
| parse-ansi | ^0.1.6 | 0.1.6 | up to date |
| rayon | ^1.0.3 | 1.10.0 | up to date |
| signal-notify | ^0.1.3 | 0.1.3 | up to date |
| systemstat | ^0.1.4 | 0.2.4 | out of date |
| termion | ^1.5.1 | 4.0.5 | out of date |
| tree_magic | ^0.2.1 | 0.2.3 | up to date |
| unicode-width | ^0.1.5 | 0.2.1 | out of date |
| users ⚠️ | ^0.8 | 0.11.0 | insecure |
| x11-clipboard | ^0.3.1 | 0.9.3 | out of date |
chrono: Potential segfault in `localtime_r` invocationsUnix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
No workarounds are known.
users: `root` appended to group listingsAffected versions append root to group listings, unless the correct listing
has exactly 1024 groups.
This affects both:
If the caller uses this information for access control, this may lead to privilege escalation.
This crate is not currently maintained, so a patched version is not available.
Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.