This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate hyper-openssl

Dependencies

(10 total, 4 outdated, 1 insecure)

CrateRequiredLatestStatus
 antidote^1.0.01.0.0up to date
 bytes^0.41.0.1out of date
 futures^0.1.140.3.13out of date
 hyper^0.12.140.14.4insecure
 lazy_static^1.01.4.0up to date
 linked_hash_set^0.10.1.4up to date
 openssl^0.10.190.10.32up to date
 openssl-sys^0.9.260.9.60up to date
 tokio-io^0.1.20.1.13up to date
 tokio-openssl^0.30.6.1out of date

Dev dependencies

(2 total, 2 outdated, 1 insecure)

CrateRequiredLatestStatus
 hyper^0.120.14.4insecure
 tokio^0.11.2.0out of date

Security Vulnerabilities

hyper: Multiple Transfer-Encoding headers misinterprets request payload

RUSTSEC-2021-0020

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in "request smuggling" or "desync attacks".