This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate libp2p-ratelimit

Dependencies

(7 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aio-limited^0.10.1.1up to date
 bytes^0.41.6.0out of date
 futures^0.10.3.30out of date
 libp2p-core ⚠️^0.8.00.41.2out of date
 log^0.40.4.21up to date
 tokio-executor^0.10.1.10up to date
 tokio-io^0.10.1.13up to date

Security Vulnerabilities

libp2p-core: Failure to properly verify ed25519 signatures makes any signature valid

RUSTSEC-2019-0004

Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid.

This allows an attacker to impersonate any node identity.