This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
starling(26 total, 6 outdated, 2 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| bincode | ^1.3.3 | 2.0.1 | out of date |
| blake2-rfc | ^0.2.18 | 0.2.18 | up to date |
| serde | ^1.0.138 | 1.0.219 | up to date |
| serde_json | ^1.0.82 | 1.0.140 | up to date |
| ciborium | ^0.2.0 | 0.2.2 | up to date |
| serde_yaml | ^0.8.24 | 0.9.34+deprecated | out of date |
| serde-pickle | ^1.1.1 | 1.2.0 | up to date |
| ron | ^0.7.1 | 0.10.1 | out of date |
| groestl | ^0.10.1 | 0.10.1 | up to date |
| openssl ⚠️ | ^0.10.40 | 0.10.72 | maybe insecure |
| tiny-keccak | ^2.0.2 | 2.0.2 | up to date |
| hashbrown | ^0.12.1 | 0.15.2 | out of date |
| rocksdb ⚠️ | ^0.18.0 | 0.23.0 | out of date |
| seahash | ^4.1.0 | 4.1.0 | up to date |
| fxhash | ^0.2.1 | 0.2.1 | up to date |
| rand | ^0.8.5 | 0.9.1 | out of date |
| digest | ^0.10.3 | 0.10.7 | up to date |
| blake2 | ^0.10.4 | 0.10.6 | up to date |
| md2 | ^0.10.1 | 0.10.2 | up to date |
| md4 | ^0.10.1 | 0.10.2 | up to date |
| md-5 | ^0.10.1 | 0.10.6 | up to date |
| ripemd | ^0.1.1 | 0.1.3 | up to date |
| sha-1 | ^0.10.0 | 0.10.1 | up to date |
| sha2 | ^0.10.2 | 0.10.8 | up to date |
| sha3 | ^0.10.1 | 0.10.8 | up to date |
| whirlpool | ^0.10.1 | 0.10.4 | up to date |
(2 total, 2 outdated)
| Crate | Required | Latest | Status |
|---|---|---|---|
| criterion | ^0.3.5 | 0.5.1 | out of date |
| rand | ^0.8.5 | 0.9.1 | out of date |
rocksdb: Out-of-bounds read when opening multiple column families with TTLAffected versions of this crate called the RocksDB C API
rocksdb_open_column_families_with_ttl() with a pointer to a single integer
TTL value, but one TTL value for each column family is expected.
This is only relevant when using
rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple
column families.
This bug has been fixed in v0.19.0.
openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.
In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).
The maintainers thank quitbug for reporting this vulnerability to us.