This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate hyper

Dependencies

(21 total, 8 outdated, 2 insecure)

CrateRequiredLatestStatus
 bytes^0.4.61.0.1out of date
 futures^0.1.210.3.13out of date
 futures-cpupool^0.1.60.1.8up to date
 h2^0.1.130.3.1out of date
 http^0.1.150.2.3insecure
 http-body^0.10.4.0out of date
 httparse^1.01.3.5up to date
 iovec^0.10.1.4up to date
 itoa^0.4.10.4.7up to date
 log^0.40.4.14up to date
 net2^0.2.320.2.37insecure
 time^0.10.2.25out of date
 tokio^0.1.141.2.0out of date
 tokio-buf^0.10.1.1up to date
 tokio-executor^0.1.00.1.10up to date
 tokio-io^0.10.1.13up to date
 tokio-reactor^0.10.1.12up to date
 tokio-tcp^0.10.1.4up to date
 tokio-threadpool^0.1.160.1.18up to date
 tokio-timer^0.20.2.13up to date
 want^0.20.3.0out of date

Dev dependencies

(10 total, 3 outdated)

CrateRequiredLatestStatus
 futures-timer^0.13.0.2out of date
 num_cpus^1.01.13.0up to date
 pretty_env_logger^0.30.4.0out of date
 serde^1.01.0.123up to date
 serde_derive^1.01.0.123up to date
 serde_json^1.01.0.64up to date
 spmc^0.30.3.0up to date
 tokio-fs^0.10.1.7up to date
 tokio-mockstream^1.1.01.1.0up to date
 url^1.02.2.1out of date

Security Vulnerabilities

http: Integer Overflow in HeaderMap::reserve() can cause Denial of Service

RUSTSEC-2019-0033

HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficently large number in release mode.

If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).

The flaw was corrected in 0.1.20 release of http crate.

http: HeaderMap::Drain API is unsound

RUSTSEC-2019-0034

net2: `net2` crate has been deprecated; use `socket2` instead

RUSTSEC-2020-0016

The net2 crate has been deprecated and users are encouraged to considered socket2 instead.