This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate rofuse

Dependencies

(11 total, 4 outdated, 1 insecure)

CrateRequiredLatestStatus
 flexi_logger^0.19.50.31.2out of date
 libc^0.2.510.2.174up to date
 log^0.4.60.4.27up to date
 memchr^22.7.5up to date
 memmap2^0.5.00.9.5out of date
 page_size^0.4.20.6.0out of date
 serde^1.0.1021.0.219up to date
 smallvec^1.6.11.15.1up to date
 structopt^0.30.3.26up to date
 users ⚠️^0.11.00.11.0insecure
 zerocopy^0.6.00.8.26out of date

Dev dependencies

(5 total, 3 outdated)

CrateRequiredLatestStatus
 bincode^1.3.12.0.1out of date
 clap^2.324.5.40out of date
 env_logger^0.80.11.8out of date
 serde^1.0.1021.0.219up to date
 tempfile^33.20.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 pkg-config^0.3.140.3.32up to date

Security Vulnerabilities

users: `root` appended to group listings

RUSTSEC-2025-0040

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups.

This affects both:

  • The supplementary groups of a user
  • The group access list of the current process

If the caller uses this information for access control, this may lead to privilege escalation.

This crate is not currently maintained, so a patched version is not available.

Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.

Recommended alternatives

  • uzers (an actively maintained fork of the users crate)
  • sysinfo