This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate url

Dependencies

(7 total, 3 outdated, 1 insecure)

CrateRequiredLatestStatus
 encoding^0.20.2.33up to date
 heapsize>=0.4.1, <0.50.4.2up to date
 idna^0.1.01.0.2out of date
 matches^0.10.1.10up to date
 percent-encoding^1.0.02.3.1out of date
 rustc-serialize ⚠️^0.30.3.25insecure
 serde>=0.6.1, <0.91.0.210out of date

Dev dependencies

(4 total, 1 outdated, 1 insecure)

CrateRequiredLatestStatus
 bencher^0.10.1.5up to date
 rustc-serialize ⚠️^0.30.3.25insecure
 rustc-test^0.30.3.1up to date
 serde_json>=0.6.1, <0.91.0.128out of date

Security Vulnerabilities

rustc-serialize: Stack overflow in rustc_serialize when parsing deeply nested JSON

RUSTSEC-2022-0004

When parsing JSON using json::Json::from_str, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process.

Example code that triggers the vulnerability is

fn main() {
    let _ = rustc_serialize::json::Json::from_str(&"[0,[".repeat(10000));
}

serde is recommended as a replacement to rustc_serialize.