This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate warp

Dependencies

(24 total, 1 outdated, 1 insecure)

CrateRequiredLatestStatus
 async-compression^0.3.70.3.7up to date
 bytes^1.01.0.1up to date
 futures^0.30.3.13up to date
 headers^0.30.3.3up to date
 http^0.20.2.3up to date
 hyper^0.140.14.4insecure
 log^0.40.4.14up to date
 mime^0.30.3.16up to date
 mime_guess^2.0.02.0.3up to date
 multipart^0.170.17.1up to date
 percent-encoding^2.12.1.0up to date
 pin-project^1.01.0.5up to date
 scoped-tls^1.01.0.0up to date
 serde^1.01.0.123up to date
 serde_json^1.01.0.64up to date
 serde_urlencoded^0.70.7.0up to date
 tokio^1.01.2.0up to date
 tokio-rustls^0.220.22.0up to date
 tokio-stream^0.1.10.1.3up to date
 tokio-tungstenite^0.130.14.0out of date
 tokio-util^0.60.6.3up to date
 tower-service^0.30.3.1up to date
 tracing^0.10.1.25up to date
 tracing-futures^0.20.2.5up to date

Dev dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 handlebars^3.0.03.5.3up to date
 listenfd^0.30.3.3up to date
 pretty_env_logger^0.40.4.0up to date
 serde_derive^1.01.0.123up to date
 tokio^1.01.2.0up to date
 tokio-stream^0.1.10.1.3up to date
 tracing-log^0.10.1.2up to date
 tracing-subscriber^0.2.70.2.16up to date

Security Vulnerabilities

hyper: Multiple Transfer-Encoding headers misinterprets request payload

RUSTSEC-2021-0020

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in "request smuggling" or "desync attacks".