This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate saphir

Dependencies

(25 total, 5 outdated, 1 insecure)

CrateRequiredLatestStatus
 log^0.40.4.14up to date
 hyper^0.13.60.14.9insecure
 tokio^0.2.131.7.0out of date
 futures^0.30.3.15up to date
 futures-util^0.30.3.15up to date
 tower-service^0.30.3.1up to date
 saphir-cookie^0.13.20.13.2up to date
 http^0.20.2.4up to date
 http-body^0.30.4.2out of date
 parking_lot^0.110.11.1up to date
 regex^1.31.5.4up to date
 uuid^0.80.8.2up to date
 rustls^0.180.19.1out of date
 tokio-rustls^0.140.22.0out of date
 base64^0.130.13.0up to date
 serde^1.01.0.126up to date
 serde_json^1.01.0.64up to date
 serde_urlencoded^0.70.7.0up to date
 mime^0.30.3.16up to date
 nom^66.1.2up to date
 mime_guess^2.0.32.0.3up to date
 percent-encoding^2.1.02.1.0up to date
 chrono^0.4.110.4.19up to date
 flate2^1.0.131.0.20up to date
 brotli^3.3.03.3.0up to date

Dev dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 tokio-timer^0.2.130.2.13up to date
 env_logger^0.80.8.4up to date
 serde^1.01.0.126up to date
 serde_derive^1.01.0.126up to date
 mime^0.30.3.16up to date

Crate saphir_macro

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^1.01.0.27up to date
 quote^1.01.0.9up to date
 syn^1.0.161.0.73up to date
 http^0.20.2.4up to date

Crate saphir-cli

Dependencies

(12 total, 1 outdated)

CrateRequiredLatestStatus
 syn^1.0.161.0.73up to date
 structopt^0.30.3.21up to date
 serde^1.01.0.126up to date
 serde_derive^1.01.0.126up to date
 serde_yaml^0.8.150.8.17up to date
 toml^0.5.60.5.8up to date
 convert_case^0.4.00.4.0up to date
 cargo_metadata^0.12.00.13.1out of date
 lazycell^1.2.11.3.0up to date
 http^0.2.10.2.4up to date
 once_cell^1.4.11.8.0up to date
 regex^11.5.4up to date

Security Vulnerabilities

hyper: Multiple Transfer-Encoding headers misinterprets request payload

RUSTSEC-2021-0020

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in "request smuggling" or "desync attacks".