This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
Crate mina-rs-base
Dependencies (2 total, 2 outdated)
Crate       Required   Latest   Status
ark-ec      ^0.3.0     0.5.0    out of date
getrandom   ^0.2       0.3.3    out of date
Crate mina-consensus
Dev dependencies (3 total, all up-to-date)
Crate mina-crypto
Dependencies (3 total, all up-to-date)
Crate        Required   Latest    Status
blake2       ^0.10      0.10.6    up to date
serde        ^1         1.0.219   up to date
serde_json   ^1         1.0.140   up to date
Crate mina-merkle
Dependencies (1 total, all up-to-date)
Crate   Required   Latest    Status
serde   ^1         1.0.219   up to date
Dev dependencies (2 total, 1 outdated)
Crate        Required   Latest    Status
serde_json   ^1         1.0.140   up to date
rocksdb      ^0.19.0    0.23.0    out of date
Crate mina-network
Dependencies (4 total, 3 outdated, 1 possibly insecure)
Dev dependencies (3 total, 1 possibly insecure)
Crate mina-ledger
Dependencies (1 total, 1 outdated)
Crate     Required   Latest   Status
rocksdb   ^0.19.0    0.23.0   out of date
Crate proof-systems
Dev dependencies (1 total, all up-to-date)
Crate        Required   Latest    Status
serde_json   ^1         1.0.140   up to date
Crate bin-prot
Dependencies (3 total, 1 outdated)
Crate       Required   Latest   Status
byteorder   ^1.4       1.5.0    up to date
num         ^0.4       0.4.3    up to date
thiserror   ^1         2.0.12   out of date
Crate bin_prot_checker
No external dependencies! 🙌
Crate test-fixtures
Dependencies (1 total, all up-to-date)
Crate   Required   Latest    Status
serde   ^1         1.0.219   up to date
Crate test-serialization
Dev dependencies (6 total, 2 outdated)
Crate mina-serialization-types
Dependencies (1 total, all up-to-date)
Crate   Required   Latest    Status
serde   ^1         1.0.219   up to date
Dev dependencies (3 total, all up-to-date)
Crate mina-serialization-types-macros
No external dependencies! 🙌
Crate versioned
No external dependencies! 🙌
Crate mina-secrets
Dependencies (2 total, 1 outdated)
Dev dependencies (2 total, all up-to-date)
Security Vulnerabilities

libp2p: Lack of resource management, DoS (RUSTSEC-2022-0084)
libp2p allows a potential attacker to cause a victim p2p node to run out of memory.
The out-of-memory failure can cause crashes where libp2p is intended to be used
within large-scale networks, leading to a potential Denial of Service (DoS) vector.
Users should upgrade or refer to the DoS mitigation strategies.
tokio: reject_remote_clients configuration corruption (RUSTSEC-2023-0001)
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients to false.
This drops any intended explicit configuration for reject_remote_clients that may have been set to true previously.
The default setting of reject_remote_clients is normally true, meaning the default is also overridden to false.

Workarounds
Ensure that pipe_mode is set first after initializing a ServerOptions, so that the explicit reject_remote_clients(true) call is not overwritten. For example:

    let mut opts = ServerOptions::new();
    opts.pipe_mode(PipeMode::Message);    // set pipe_mode first: on affected versions it resets reject_remote_clients to false
    opts.reject_remote_clients(true);     // then explicitly re-enable rejection of remote clients
Patched
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1