This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate webdriver

Dependencies

(13 total, 6 outdated, 1 insecure)

CrateRequiredLatestStatus
 base64^0.100.13.0out of date
 cookie^0.120.15.0out of date
 http^0.10.2.3insecure
 log^0.40.4.14up to date
 regex^1.01.4.3up to date
 serde^1.01.0.123up to date
 serde_derive^1.01.0.123up to date
 serde_json^1.01.0.64up to date
 time^0.10.2.25out of date
 tokio^0.11.2.0out of date
 unicode-segmentation^1.21.7.1up to date
 url^2.02.2.1up to date
 warp^0.10.3.0out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 lazy_static^1.01.4.0up to date

Security Vulnerabilities

http: Integer Overflow in HeaderMap::reserve() can cause Denial of Service

RUSTSEC-2019-0033

HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficently large number in release mode.

If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).

The flaw was corrected in 0.1.20 release of http crate.

http: HeaderMap::Drain API is unsound

RUSTSEC-2019-0034