This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate ndarray

Dependencies

(7 total, 5 outdated, 1 insecure)

CrateRequiredLatestStatus
 blas-sys^0.6.50.9.0out of date
 itertools^0.7.00.14.0out of date
 matrixmultiply^0.1.130.3.10out of date
 num-complex^0.1.320.4.6out of date
 num-traits^0.1.320.2.19out of date
 rustc-serialize ⚠️^0.3.200.3.25insecure
 serde^1.01.0.219up to date

Dev dependencies

(2 total, 2 outdated)

CrateRequiredLatestStatus
 defmac^0.10.2.1out of date
 rawpointer^0.10.2.1out of date

Security Vulnerabilities

rustc-serialize: Stack overflow in rustc_serialize when parsing deeply nested JSON

RUSTSEC-2022-0004

When parsing JSON using json::Json::from_str, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process.

Example code that triggers the vulnerability is

fn main() {
    let _ = rustc_serialize::json::Json::from_str(&"[0,[".repeat(10000));
}

serde is recommended as a replacement to rustc_serialize.