Deps.rs

solicit 0.4.4

[![dependency status](https://deps.rs/crate/solicit/0.4.4/status.svg)](https://deps.rs/crate/solicit/0.4.4)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate solicit

Dependencies

(3 total, 2 outdated, 1 insecure, 1 possibly insecure)

CrateRequiredLatestStatus
 hpack ⚠️^0.20.3.0insecure
 log^0.30.4.21out of date
 openssl ⚠️*0.10.64maybe insecure

Security Vulnerabilities

openssl: `openssl` `X509VerifyParamRef::set_host` buffer over-read

RUSTSEC-2023-0044

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

hpack: HPACK decoder panics on invalid input

RUSTSEC-2023-0085

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error.

Example code that triggers this vulnerability looks like this:

use hpack::Decoder;

pub fn main() {
  let input = &[0x3f];
  let mut decoder = Decoder::new();
  let _ = decoder.decode(input);
}

hpack is unmaintained. A crate with the panics fixed has been published as hpack-patched.

Also consider using fluke-hpack or httlib-huffman as an alternative.