This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate dummyhttp

Dependencies

(18 total, 1 possibly insecure)

CrateRequiredLatestStatus
 Inflector^0.110.11.4up to date
 anyhow^11.0.97up to date
 axum^0.80.8.3up to date
 axum-server^0.70.7.2up to date
 chrono^0.4.400.4.40up to date
 clap^44.5.35up to date
 clap_complete^44.5.47up to date
 clap_mangen^0.20.2.26up to date
 colored^33.0.0up to date
 colored_json^55.0.0up to date
 hyper^11.6.0up to date
 lipsum^0.90.9.1up to date
 rustls ⚠️^0.23.140.23.25maybe insecure
 serde_json^1.01.0.140up to date
 tera^11.20.0up to date
 tokio^1.441.44.2up to date
 tower^0.50.5.2up to date
 uuid^11.16.0up to date

Dev dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 assert_cmd^2.02.0.16up to date
 port_check^0.20.2.1up to date
 predicates^33.1.3up to date
 pretty_assertions^1.21.4.1up to date
 reqwest^0.120.12.15up to date
 rstest^0.250.25.0up to date
 rstest_reuse^0.7.00.7.0up to date
 url^2.52.5.4up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.