This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate in_stream

Dependencies

(15 total, 11 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 crossbeam-channel^0.30.5.15out of date
 env_logger^0.60.11.8out of date
 lazy_static=1.4.01.5.0out of date
 log^0.40.4.27up to date
 nanoid^0.20.4.0out of date
 native-tls^0.20.2.14up to date
 net2^0.20.2.39up to date
 openssl ⚠️^0.100.10.73maybe insecure
 parking_lot^0.90.12.4out of date
 serde=1.0.1041.0.219out of date
 serde_derive=1.0.1041.0.219out of date
 serde_json=1.0.471.0.140out of date
 shrinkwraprs^0.20.3.0out of date
 tungstenite ⚠️^0.9.20.27.0out of date
 url2^0.0.40.0.6out of date

Security Vulnerabilities

tungstenite: Tungstenite allows remote attackers to cause a denial of service

RUSTSEC-2023-0065

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.