This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
fleetfs(20 total, 4 outdated, 2 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| futures | ^0.3 | 0.3.32 | up to date |
| futures-util | ^0.3.8 | 0.3.32 | up to date |
| tokio-util | ^0.7.0 | 0.7.18 | up to date |
| tokio | ^1.28 | 1.51.0 | up to date |
| clap | ^4.4.6 | 4.6.0 | up to date |
| log | ^0.4 | 0.4.29 | up to date |
| env_logger | ^0.11.5 | 0.11.10 | up to date |
| slog-stdlog | ^4.1 | 4.1.1 | up to date |
| slog | ^2.7 | 2.8.2 | up to date |
| fuser | ^0.17.0 | 0.17.0 | up to date |
| rkyv ⚠️ | ^0.8.8 | 0.8.15 | maybe insecure |
| redb | ^3.0.0 | 4.0.0 | out of date |
| redb-derive | ^0.1.0 | 0.1.0 | up to date |
| libc | ^0.2 | 0.2.184 | up to date |
| byteorder | ^1.3 | 1.5.0 | up to date |
| sha2 | ^0.10 | 0.11.0 | out of date |
| walkdir | ^2.3 | 2.5.0 | up to date |
| fleetfs_raft | ^0.6 | 0.6.0 | up to date |
| protobuf ⚠️ | ^2.24 | 3.7.2 | out of date |
| rand | ^0.9 | 0.10.0 | out of date |
(1 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| tempfile | ^3.1 | 3.27.0 | up to date |
protobuf: Crash due to uncontrolled recursion in protobuf crateAffected version of this crate did not properly parse unknown fields when parsing a user-supplied input.
This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.
rkyv: Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOMThe SharedPointer::alloc implementation for sync::Arc<T> and rc::Rc<T> in rkyv/src/impls/alloc/rc/atomic.rs (and rc.rs) does not check if the allocator returns a null pointer on OOM (Out of Memory).
This null pointer can flow through to SharedPointer::from_value, which calls Box::from_raw(ptr) with the null pointer. This triggers undefined behavior when utilizing safe deserialization APIs (such as rkyv::from_bytes or rkyv::deserialize_using) if an OOM condition occurs during the allocation of the shared pointer.
The issue is reachable through safe code and violates Rust's safety guarantees.