This project might be open to known security vulnerabilities , which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom .
Crate stronghold_engine Dependencies (10 total, 1 outdated)
Dev dependencies (4 total, all up-to-date)
Crate stronghold-runtime Dependencies (9 total, 2 outdated)
Dev dependencies (4 total, 1 outdated)
Crate stronghold_native Dependencies (8 total, 3 outdated, 1 possibly insecure)
Crate iota_stronghold Dependencies (9 total, 1 outdated)
Dev dependencies (11 total, 3 outdated, 1 possibly insecure)
Crate Required Latest Status tokio ⚠️ ^1.15.01.26.0maybe insecure criterion ^0.40.4.0up to date env_logger ^0.9.00.10.0out of date ctor ^0.1.210.1.26up to date rand ^0.8.40.8.5up to date clap ^3.1.64.1.13out of date log ^0.4.140.4.17up to date base64 ^0.13.00.21.0out of date regex ^1.5.51.7.3up to date libc ^0.20.2.140up to date threadpool ^1.81.8.1up to date
Crate stronghold-utils Dependencies (1 total, all up-to-date)
Crate Required Latest Status rand ^0.8.30.8.5up to date
Crate stronghold-derive Dependencies (3 total, 1 outdated)
Crate Required Latest Status syn ^1.02.0.10out of date quote ^1.01.0.26up to date proc-macro2 ^1.01.0.53up to date
Security Vulnerabilities tokio: reject_remote_clients Configuration corruptionRUSTSEC-2023-0001
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions ::reject_remote_clients as false.
This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.
The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.
Workarounds
Ensure that pipe_mode is set first after initializing a ServerOptions . For example:
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
Patched
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1
