This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate ureq

Dependencies

(19 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 base64^0.220.22.1up to date
 brotli-decompressor^4.0.04.0.1up to date
 cookie^0.180.18.1up to date
 cookie_store^0.210.21.1up to date
 encoding_rs^0.80.8.35up to date
 flate2^1.0.221.0.35up to date
 hootbin^0.1.50.1.5up to date
 http^0.21.2.0out of date
 log^0.40.4.22up to date
 native-tls^0.20.2.12up to date
 once_cell^11.20.2up to date
 rustls ⚠️^0.23.50.23.20maybe insecure
 rustls-native-certs^0.70.8.1out of date
 rustls-pki-types^11.10.0up to date
 serde^11.0.216up to date
 serde_json>=1.0.971.0.133up to date
 socks^0.30.3.4up to date
 url^22.5.4up to date
 webpki-roots^0.260.26.7up to date

Dev dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 env_logger<=0.90.11.5out of date
 rustls ⚠️^0.23.50.23.20maybe insecure
 rustls-pemfile^2.02.2.0up to date
 serde^11.0.216up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.