This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rustpython-vm

Dependencies

(68 total, 20 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| ahash | ^0.7.6 | 0.8.11 | out of date |
| ascii | ^1.0 | 1.1.0 | up to date |
| atty | ^0.2.14 | 0.2.14 | up to date |
| bitflags | ^2.2.1 | 2.5.0 | up to date |
| bstr | ^0.2.17 | 1.9.1 | out of date |
| caseless | ^0.2.1 | 0.2.1 | up to date |
| cfg-if | ^1.0 | 1.0.0 | up to date |
| chrono ⚠️ | ^0.4.19 | 0.4.37 | maybe insecure |
| crossbeam-utils | ^0.8.9 | 0.8.19 | up to date |
| exitcode | ^1.1.2 | 1.1.2 | up to date |
| flame | ^0.2.2 | 0.2.2 | up to date |
| flamer | ^0.4 | 0.5.0 | out of date |
| getrandom | ^0.2.6 | 0.2.12 | up to date |
| half | ^1.8.2 | 2.4.0 | out of date |
| hex | ^0.4.3 | 0.4.3 | up to date |
| indexmap | ^1.8.1 | 2.2.6 | out of date |
| is-macro | ^0.2.2 | 0.3.5 | out of date |
| itertools | ^0.10.3 | 0.12.1 | out of date |
| libc | ^0.2.133 | 0.2.153 | up to date |
| log | ^0.4.16 | 0.4.21 | up to date |
| malachite-bigint | ^0.1.0 | 0.2.0 | out of date |
| memchr | ^2.4.1 | 2.7.2 | up to date |
| memoffset | ^0.6.5 | 0.9.1 | out of date |
| nix | ^0.26 | 0.28.0 | out of date |
| num-complex | ^0.4.0 | 0.4.5 | up to date |
| num-integer | ^0.1.44 | 0.1.46 | up to date |
| num-traits | ^0.2 | 0.2.18 | up to date |
| num_cpus | ^1.13.1 | 1.16.0 | up to date |
| num_enum | ^0.5.7 | 0.7.2 | out of date |
| once_cell | ^1.13 | 1.19.0 | up to date |
| optional | ^0.5.0 | 0.5.0 | up to date |
| parking_lot | ^0.12 | 0.12.1 | up to date |
| paste | ^1.0.7 | 1.0.14 | up to date |
| rand | ^0.8.5 | 0.8.5 | up to date |
| result-like | ^0.4.5 | 0.5.0 | out of date |
| rustpython-ast | ^0.3.0 | 0.3.0 | up to date |
| rustpython-codegen | ^0.3.0 | 0.3.0 | up to date |
| rustpython-common | ^0.3.0 | 0.3.0 | up to date |
| rustpython-compiler | ^0.3.0 | 0.3.0 | up to date |
| rustpython-compiler-core | ^0.3.0 | 0.3.0 | up to date |
| rustpython-derive | ^0.3.0 | 0.3.0 | up to date |
| rustpython-format | ^0.3.0 | 0.3.0 | up to date |
| rustpython-jit | ^0.3.0 | 0.3.0 | up to date |
| rustpython-literal | ^0.3.0 | 0.3.0 | up to date |
| rustpython-parser | ^0.3.0 | 0.3.0 | up to date |
| rustpython-parser-core | ^0.3.0 | 0.3.0 | up to date |
| rustyline | ^11 | 14.0.0 | out of date |
| schannel | ^0.1.19 | 0.1.23 | up to date |
| serde | ^1.0 | 1.0.197 | up to date |
| sre-engine | ^0.4.1 | 0.4.3 | up to date |
| static_assertions | ^1.1 | 1.1.0 | up to date |
| strum | ^0.24.0 | 0.26.2 | out of date |
| strum_macros | ^0.24.0 | 0.26.2 | out of date |
| thiserror | ^1.0 | 1.0.58 | up to date |
| thread_local | ^1.1.4 | 1.1.8 | up to date |
| timsort | ^0.1.2 | 0.1.3 | up to date |
| uname | ^0.1.1 | 0.1.1 | up to date |
| unic-ucd-bidi | ^0.9.0 | 0.9.0 | up to date |
| unic-ucd-category | ^0.9.0 | 0.9.0 | up to date |
| unic-ucd-ident | ^0.9.0 | 0.9.0 | up to date |
| unicode-casing | ^0.1.0 | 0.1.0 | up to date |
| unicode_names2 | ^0.6.0 | 1.2.2 | out of date |
| wasm-bindgen | ^0.2.80 | 0.2.92 | up to date |
| which | ^4.2.5 | 6.0.1 | out of date |
| widestring | ^0.5.1 | 1.0.2 | out of date |
| winapi | ^0.3.9 | 0.3.9 | up to date |
| windows | ^0.39.0 | 0.54.0 | out of date |
| winreg | ^0.10.1 | 0.52.0 | out of date |

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References