This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate wasmer-clif-backend

Dependencies

(19 total, 7 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 byteorder^1.3.21.5.0up to date
 cranelift-codegen ⚠️^0.59.00.115.0out of date
 cranelift-entity^0.59.00.115.0out of date
 wasmer-clif-fork-frontend^0.59.00.59.0up to date
 cranelift-native^0.59.00.115.0out of date
 wasmer-clif-fork-wasm^0.59.00.59.0up to date
 libc^0.2.600.2.169up to date
 nix^0.15.00.29.0out of date
 rayon^1.11.10.0up to date
 serde^1.01.0.216up to date
 serde-bench^0.0.70.0.11out of date
 serde_bytes^0.110.11.15up to date
 serde_derive^1.01.0.216up to date
 target-lexicon^0.100.13.1out of date
 wasm-debug^0.20.2.0up to date
 wasmer-runtime-core^0.17.10.17.1up to date
 wasmer-win-exception-handler^0.17.10.17.1up to date
 wasmparser^0.51.30.222.0out of date
 winapi^0.30.3.9up to date

Security Vulnerabilities

cranelift-codegen: Memory access due to code generation flaw in Cranelift module

RUSTSEC-2021-0067

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73.0 should update to 0.73.1 or 0.74 if they were not using the old default backend.

More details can be found in the GitHub Security Advisory at:

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5