This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate native-tls

Dependencies

(10 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 lazy_static^1.01.4.0up to date
 libc^0.20.2.153up to date
 log^0.4.50.4.21up to date
 openssl ⚠️^0.10.150.10.64maybe insecure
 openssl-probe^0.10.1.5up to date
 openssl-sys^0.9.300.9.101up to date
 schannel^0.1.130.1.23up to date
 security-framework^0.3.12.9.2out of date
 security-framework-sys^0.3.12.9.1out of date
 tempfile^3.03.10.1up to date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 hex^0.30.4.3out of date

Security Vulnerabilities

openssl: `openssl` `X509VerifyParamRef::set_host` buffer over-read

RUSTSEC-2023-0044

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.