This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
Crate stronghold_engine
Dependencies (10 total, 1 outdated)
Dev dependencies (4 total, all up-to-date)
Crate stronghold-runtime
Dependencies (9 total, 2 outdated)
Dev dependencies (4 total, 1 outdated)
Crate stronghold_native
Dependencies (8 total, 3 outdated, 1 possibly insecure)
Crate iota_stronghold
Dependencies (9 total, 1 outdated)
Dev dependencies (11 total, 3 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| tokio ⚠️ | ^1.15.0 | 1.26.0 | maybe insecure |
| criterion | ^0.4 | 0.4.0 | up to date |
| env_logger | ^0.9.0 | 0.10.0 | out of date |
| ctor | ^0.1.21 | 0.1.26 | up to date |
| rand | ^0.8.4 | 0.8.5 | up to date |
| clap | ^3.1.6 | 4.1.13 | out of date |
| log | ^0.4.14 | 0.4.17 | up to date |
| base64 | ^0.13.0 | 0.21.0 | out of date |
| regex | ^1.5.5 | 1.7.3 | up to date |
| libc | ^0.2 | 0.2.140 | up to date |
| threadpool | ^1.8 | 1.8.1 | up to date |
Crate stronghold-utils
Dependencies (1 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| rand | ^0.8.3 | 0.8.5 | up to date |
Crate stronghold-derive
Dependencies (3 total, 1 outdated)
| Crate | Required | Latest | Status |
|---|---|---|---|
| syn | ^1.0 | 2.0.10 | out of date |
| quote | ^1.0 | 1.0.26 | up to date |
| proc-macro2 | ^1.0 | 1.0.53 | up to date |
Security Vulnerabilities
tokio: reject_remote_clients Configuration corruption
RUSTSEC-2023-0001
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.
This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.
The default setting of reject_remote_clients is normally true, meaning the default is also overridden as false.
Workarounds
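Ensure that pipe_mode is set first after initializing a ServerOptions. For example:
    use tokio::net::windows::named_pipe::{PipeMode, ServerOptions};
    let mut opts = ServerOptions::new();
    // Set pipe_mode first: on affected versions it forces reject_remote_clients to false.
    opts.pipe_mode(PipeMode::Message);
    // Then apply the intended setting explicitly so it is not dropped.
    opts.reject_remote_clients(true);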
Patched
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1