Deps.rs

jedisct1 / flowgger

[![dependency status](https://deps.rs/repo/github/jedisct1/flowgger/status.svg)](https://deps.rs/repo/github/jedisct1/flowgger)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate flowgger

Dependencies

(16 total, 8 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 capnp ⚠️^0.140.21.0out of date
 clap^44.5.38up to date
 flate2^11.1.1up to date
 glob^0.30.3.2up to date
 kafka^0.80.10.0out of date
 log^0.40.4.27up to date
 notify^4.08.0.0out of date
 openssl ⚠️~0.100.10.72maybe insecure
 rand^0.80.9.1out of date
 redis^0.210.31.0out of date
 serde^11.0.219up to date
 serde_json~0.81.0.140out of date
 may~0.30.3.51up to date
 toml^0.50.8.22out of date
 time^0.30.3.41up to date
 time-tz^0.32.0.0out of date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 tempdir^0.30.3.7up to date
 quickcheck^11.0.3up to date

Build dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 capnpc^0.100.21.0out of date

Security Vulnerabilities

capnp: out-of-bounds read possible when setting list-of-pointers

RUSTSEC-2022-0068

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow exfiltration of private in-memory data.

The C++ Cap'n Proto library is also affected by this bug. See the advisory on the main Cap'n Proto repo for a succinct description of the exact circumstances in which the problem can arise.

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.