This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
rocksdb(1 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| libc | ^0.2.11 | 0.2.153 | up to date |
(4 total, 2 outdated)
| Crate | Required | Latest | Status |
|---|---|---|---|
| crc | ^1.8 | 3.2.1 | out of date |
| lazy_static | ^1.4.0 | 1.4.0 | up to date |
| rand | ^0.7 | 0.8.5 | out of date |
| tempfile | ^3.1 | 3.10.1 | up to date |
librocksdb_sys(7 total, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| bzip2-sys | ^0.1.11 | 0.1.11+1.0.8 | up to date |
| libc | ^0.2.11 | 0.2.153 | up to date |
| libz-sys | ^1.1 | 1.1.16 | up to date |
| openssl-sys | ^0.9.54 | 0.9.102 | up to date |
| zstd-sys | ^2.0.1 | 2.0.10+zstd.1.5.6 | up to date |
| lz4-sys ⚠️ | ^1.9 | 1.9.4 | maybe insecure |
| tikv-jemalloc-sys | ^0.5.0 | 0.5.4+5.3.0-patched | up to date |
(1 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| tempfile | ^3.1 | 3.10.1 | up to date |
(3 total, 1 outdated)
| Crate | Required | Latest | Status |
|---|---|---|---|
| cc | ^1.0.3 | 1.0.95 | up to date |
| cmake | ^0.1 | 0.1.50 | up to date |
| bindgen | ^0.65 | 0.69.4 | out of date |
libtitan_sys(5 total, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| bzip2-sys | ^0.1.8 | 0.1.11+1.0.8 | up to date |
| libc | ^0.2.11 | 0.2.153 | up to date |
| libz-sys | ^1.1 | 1.1.16 | up to date |
| zstd-sys | ^2.0.1 | 2.0.10+zstd.1.5.6 | up to date |
| lz4-sys ⚠️ | ^1.9 | 1.9.4 | maybe insecure |
(2 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| cc | ^1.0.3 | 1.0.95 | up to date |
| cmake | ^0.1 | 0.1.50 | up to date |
lz4-sys: Memory corruption in liblz4lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520.
Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write.
The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.