This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate servo-net-traits

Dependencies

(33 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 content-security-policy^0.8.00.8.0up to date
 cookie^0.180.18.1up to date
 crossbeam-channel^0.50.5.15up to date
 data-url^0.30.3.2up to date
 servo-embedder-traits=0.3.00.3.0up to date
 headers^0.40.4.1up to date
 http^1.41.4.2up to date
 hyper-util^0.10.1.20up to date
 servo-hyper-serde=0.3.00.3.0up to date
 ipc-channel^0.220.22.0up to date
 log^0.4.300.4.33up to date
 servo-malloc-size-of=0.3.00.3.0up to date
 malloc_size_of_derive^0.10.1.3up to date
 mime^0.3.130.3.17up to date
 num-traits^0.20.2.19up to date
 servo-paint-api=0.3.00.3.0up to date
 parking_lot^0.120.12.5up to date
 percent-encoding^2.32.3.2up to date
 servo-pixels=0.3.00.3.0up to date
 servo-profile-traits=0.3.00.3.0up to date
 rand^0.90.10.1out of date
 rustc-hash^2.1.22.1.2up to date
 rustls-pki-types^1.141.15.0up to date
 serde^1.0.2281.0.228up to date
 servo-base=0.3.00.3.0up to date
 servo-config=0.3.00.3.0up to date
 servo-url=0.3.00.3.0up to date
 servo_arc^0.4.30.4.3up to date
 sys-locale^0.30.3.2up to date
 tokio ⚠️^11.52.3maybe insecure
 url^2.52.5.8up to date
 uuid^1.23.11.23.4up to date
 webrender_api^0.680.69.0out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 servo-default-resources=0.3.00.3.0up to date

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);