This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate ureq

Dependencies

(19 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 base64^0.220.22.1up to date
 brotli-decompressor^4.0.05.0.0out of date
 cookie^0.180.18.1up to date
 cookie_store^0.210.21.1up to date
 encoding_rs^0.80.8.35up to date
 flate2^1.0.221.1.2up to date
 hootbin^0.1.50.1.5up to date
 http^0.21.3.1out of date
 log^0.40.4.27up to date
 native-tls^0.20.2.14up to date
 once_cell^11.21.3up to date
 rustls ⚠️^0.23.50.23.27maybe insecure
 rustls-native-certs^0.70.8.1out of date
 rustls-pki-types^11.12.0up to date
 serde^11.0.219up to date
 serde_json>=1.0.971.0.140up to date
 socks^0.30.3.4up to date
 url^22.5.4up to date
 webpki-roots^0.261.0.0out of date

Dev dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 env_logger<=0.90.11.8out of date
 rustls ⚠️^0.23.50.23.27maybe insecure
 rustls-pemfile^2.02.2.0up to date
 serde^11.0.219up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.