This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rust_cast

Dependencies

(7 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 byteorder^1.2.61.5.0up to date
 log^0.4.50.4.27up to date
 openssl ⚠️^0.10.130.10.73maybe insecure
 protobuf ⚠️^2.1.13.7.2out of date
 serde^1.0.801.0.219up to date
 serde_derive^1.0.801.0.219up to date
 serde_json^1.0.321.0.140up to date

Security Vulnerabilities

protobuf: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.