This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate coreutils

Dependencies

(7 total, 3 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
clap_complete         ^3.1      4.0.2     out of date
once_cell             ^1.13.1   1.15.0    up to date
phf                   ^0.10.1   0.11.1    out of date
selinux               ^0.3      0.3.0     up to date
textwrap              ^0.15     0.15.1    up to date
zip                   ^0.6.0    0.6.2     up to date

Dev dependencies

(15 total, 1 possibly insecure)

Crate                 Required  Latest    Status
chrono ⚠️             ^0.4.19   0.4.22    maybe insecure
conv                  ^0.3      0.3.3     up to date
filetime              ^0.2      0.2.17    up to date
glob                  ^0.3.0    0.3.0     up to date
libc                  ^0.2      0.2.134   up to date
pretty_assertions     ^1        1.3.0     up to date
rand                  ^0.8      0.8.5     up to date
regex                 ^1.6      1.6.0     up to date
sha1                  ^0.10     0.10.5    up to date
tempfile              ^3        3.3.0     up to date
time                  ^0.3      0.3.14    up to date
unindent              ^0.1      0.1.10    up to date
walkdir               ^2.2      2.3.2     up to date
atty                  ^0.2      0.2.14    up to date
hex-literal           ^0.3.1    0.3.4     up to date

Build dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
phf_codegen           ^0.10.0   0.11.1    out of date

Crate uucore

Dependencies

(14 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
dns-lookup            ^1.0.5    1.0.8     up to date
dunce                 ^1.0.0    1.0.2     up to date
wild                  ^2.0      2.1.0     up to date
glob                  ^0.3.0    0.3.0     up to date
itertools             ^0.10.0   0.10.5    up to date
thiserror             ^1.0      1.0.37    up to date
time                  ^0.3      0.3.14    up to date
data-encoding         ^2.1      2.3.2     up to date
data-encoding-macro   ^0.1.12   0.1.12    up to date
z85                   ^3.0.5    3.0.5     up to date
libc                  ^0.2.132  0.2.134   up to date
once_cell             ^1.13.1   1.15.0    up to date
os_display            ^0.1.3    0.1.3     up to date

Dev dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
once_cell             ^1.13     1.15.0    up to date

Crate uu_test

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_arch

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
platform-info         ^1.0.0    1.0.0     up to date
clap                  ^3.2      4.0.9     out of date

Crate uu_base32

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_base64

No external dependencies! 🙌

Crate uu_basename

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_basenc

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_cat

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
thiserror             ^1.0      1.0.37    up to date
atty                  ^0.2      0.2.14    up to date

Crate uu_chcon

Dependencies

(5 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
selinux               ^0.3      0.3.0     up to date
fts-sys               ^0.2      0.2.2     up to date
thiserror             ^1.0      1.0.37    up to date
libc                  ^0.2      0.2.134   up to date

Crate uu_chgrp

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_chmod

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_chown

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_chroot

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_cksum

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_comm

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_cp

Dependencies

(6 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
filetime              ^0.2      0.2.17    up to date
libc                  ^0.2.132  0.2.134   up to date
quick-error           ^2.0.1    2.0.1     up to date
selinux               ^0.3      0.3.0     up to date
walkdir               ^2.2      2.3.2     up to date

Crate uu_csplit

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
thiserror             ^1.0      1.0.37    up to date
regex                 ^1.6.0    1.6.0     up to date

Crate uu_cut

Dependencies

(4 total, 2 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
memchr                ^2        2.5.0     up to date
bstr                  ^0.2      1.0.1     out of date
atty                  ^0.2      0.2.14    up to date

Crate uu_date

Dependencies

(2 total, 1 outdated, 1 possibly insecure)

Crate                 Required  Latest    Status
chrono ⚠️             ^0.4.19   0.4.22    maybe insecure
clap                  ^3.2      4.0.9     out of date

Crate uu_dd

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
byte-unit             ^4.0      4.0.14    up to date
clap                  ^3.2      4.0.9     out of date
gcd                   ^2.0      2.1.0     up to date
libc                  ^0.2      0.2.134   up to date

Crate uu_df

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
unicode-width         ^0.1.9    0.1.10    up to date

Crate uu_dir

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
selinux               ^0.3      0.3.0     up to date

Crate uu_dircolors

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
glob                  ^0.3.0    0.3.0     up to date

Crate uu_dirname

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_du

Dependencies

(3 total, 1 outdated, 1 possibly insecure)

Crate                 Required  Latest    Status
chrono ⚠️             ^0.4.19   0.4.22    maybe insecure
glob                  ^0.3.0    0.3.0     up to date
clap                  ^3.2      4.0.9     out of date

Crate uu_echo

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_env

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
rust-ini              ^0.18.0   0.18.0    up to date

Crate uu_expand

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
unicode-width         ^0.1.5    0.1.10    up to date

Crate uu_expr

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
num-bigint            ^0.4.0    0.4.3     up to date
num-traits            ^0.2.15   0.2.15    up to date
onig                  ~6.4      6.4.0     up to date

Crate uu_factor

Dependencies

(5 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
coz                   ^0.1.3    0.1.3     up to date
num-traits            ^0.2.15   0.2.15    up to date
rand                  ^0.8      0.8.5     up to date
smallvec              ^1.9      1.10.0    up to date

Dev dependencies

(2 total, all up-to-date)

Crate                 Required  Latest    Status
paste                 ^1.0.6    1.0.9     up to date
quickcheck            ^1.0.3    1.0.3     up to date

Build dependencies

(1 total, all up-to-date)

Crate                 Required  Latest    Status
num-traits            ^0.2.15   0.2.15    up to date

Crate uu_false

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_fmt

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
unicode-width         ^0.1.5    0.1.10    up to date

Crate uu_fold

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_groups

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_hashsum

Dependencies

(11 total, 1 outdated)

Crate                 Required  Latest    Status
digest                ^0.10.5   0.10.5    up to date
clap                  ^3.2      4.0.9     out of date
hex                   ^0.4.3    0.4.3     up to date
memchr                ^2        2.5.0     up to date
md-5                  ^0.10.5   0.10.5    up to date
regex                 ^1.6.0    1.6.0     up to date
sha1                  ^0.10.1   0.10.5    up to date
sha2                  ^0.10.2   0.10.6    up to date
sha3                  ^0.10.2   0.10.5    up to date
blake2b_simd          ^1.0.0    1.0.0     up to date
blake3                ^1.3.1    1.3.1     up to date

Crate uu_head

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
memchr                ^2        2.5.0     up to date

Crate uu_hostid

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_hostname

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
hostname              ^0.3      0.3.1     up to date

Crate uu_id

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
selinux               ^0.3      0.3.0     up to date

Crate uu_install

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
filetime              ^0.2      0.2.17    up to date
file_diff             ^1.0.0    1.0.0     up to date
libc                  >=0.2     0.2.134   up to date

Dev dependencies

(1 total, all up-to-date)

Crate                 Required  Latest    Status
time                  ^0.3      0.3.14    up to date

Crate uu_join

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
memchr                ^2        2.5.0     up to date

Crate uu_kill

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
nix                   ^0.25     0.25.0    up to date

Crate uu_link

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_ln

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_ls

Dependencies

(11 total, 2 outdated, 1 possibly insecure)

Crate                 Required  Latest    Status
chrono ⚠️             ^0.4.19   0.4.22    maybe insecure
clap                  ^3.2      4.0.9     out of date
unicode-width         ^0.1.8    0.1.10    up to date
number_prefix         ^0.4      0.4.0     up to date
term_grid             ^0.1.5    0.2.0     out of date
terminal_size         ^0.2.1    0.2.1     up to date
glob                  ^0.3.0    0.3.0     up to date
lscolors              ^0.12.0   0.12.0    up to date
once_cell             ^1.13.1   1.15.0    up to date
atty                  ^0.2      0.2.14    up to date
selinux               ^0.3      0.3.0     up to date

Crate uu_logname

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
libc                  ^0.2.132  0.2.134   up to date
clap                  ^3.2      4.0.9     out of date

Crate uu_mkdir

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_mkfifo

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_mknod

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_mktemp

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
rand                  ^0.8      0.8.5     up to date
tempfile              ^3        3.3.0     up to date

Crate uu_more

Dependencies

(5 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
crossterm             >=0.19    0.25.0    up to date
atty                  ^0.2      0.2.14    up to date
unicode-width         ^0.1.7    0.1.10    up to date
unicode-segmentation  ^1.9.0    1.10.0    up to date

Crate uu_mv

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
fs_extra              ^1.1.0    1.2.0     up to date

Crate uu_nice

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date
nix                   ^0.25     0.25.0    up to date

Crate uu_nl

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
regex                 ^1.6.0    1.6.0     up to date

Crate uu_nohup

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date
atty                  ^0.2      0.2.14    up to date

Crate uu_nproc

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
libc                  ^0.2.132  0.2.134   up to date
num_cpus              ^1.10     1.13.1    up to date
clap                  ^3.2      4.0.9     out of date

Crate uu_numfmt

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_od

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
byteorder             ^1.3.2    1.4.3     up to date
clap                  ^3.2      4.0.9     out of date
half                  ^2.1      2.1.0     up to date

Crate uu_paste

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_pathchk

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_pinky

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_pr

Dependencies

(5 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
time                  ^0.3      0.3.14    up to date
quick-error           ^2.0.1    2.0.1     up to date
itertools             ^0.10.0   0.10.5    up to date
regex                 ^1.6      1.6.0     up to date

Crate uu_printenv

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_printf

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_ptx

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
regex                 ^1.6.0    1.6.0     up to date

Crate uu_pwd

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_readlink

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_realpath

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_relpath

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_rm

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
walkdir               ^2.2      2.3.2     up to date
remove_dir_all        ^0.7.0    0.7.0     up to date

Crate uu_rmdir

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_runcon

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
selinux               ^0.3      0.3.0     up to date
thiserror             ^1.0      1.0.37    up to date
libc                  ^0.2      0.2.134   up to date

Crate uu_seq

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
bigdecimal            ^0.3      0.3.0     up to date
clap                  ^3.2      4.0.9     out of date
num-bigint            ^0.4.0    0.4.3     up to date
num-traits            ^0.2.15   0.2.15    up to date

Crate uu_shred

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
rand                  ^0.8      0.8.5     up to date

Crate uu_shuf

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
memchr                ^2.5.0    2.5.0     up to date
rand                  ^0.8      0.8.5     up to date
rand_core             ^0.6      0.6.4     up to date

Crate uu_sleep

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_sort

Dependencies

(12 total, 2 outdated)

Crate                 Required  Latest    Status
binary-heap-plus      ^0.4.1    0.5.0     out of date
clap                  ^3.2      4.0.9     out of date
compare               ^0.1.0    0.1.0     up to date
ctrlc                 ^3.0      3.2.3     up to date
fnv                   ^1.0.7    1.0.7     up to date
itertools             ^0.10.0   0.10.5    up to date
memchr                ^2.5.0    2.5.0     up to date
ouroboros             ^0.15.5   0.15.5    up to date
rand                  ^0.8      0.8.5     up to date
rayon                 ^1.5      1.5.3     up to date
tempfile              ^3        3.3.0     up to date
unicode-width         ^0.1.8    0.1.10    up to date

Crate uu_split

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
memchr                ^2        2.5.0     up to date

Crate uu_stat

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_stdbuf

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
tempfile              ^3        3.3.0     up to date

Crate uu_stty

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.1      4.0.9     out of date
nix                   ^0.25     0.25.0    up to date

Crate uu_sum

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_sync

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uu_tac

Dependencies

(4 total, 1 outdated, 1 possibly insecure)

Crate                 Required  Latest    Status
memchr                ^2        2.5.0     up to date
memmap2               ^0.5      0.5.7     up to date
regex ⚠️              ^1        1.6.0     maybe insecure
clap                  ^3.2      4.0.9     out of date

Crate uu_tail

Dependencies

(5 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date
memchr                ^2.5.0    2.5.0     up to date
notify                =5.0.0    5.0.0     up to date
same-file             ^1.0.6    1.0.6     up to date

Crate uu_tee

Dependencies

(3 total, 2 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date
retain_mut            =0.1.7    0.1.9     out of date

Crate uu_timeout

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date
nix                   ^0.25     0.25.0    up to date

Crate uu_touch

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
filetime              ^0.2.17   0.2.17    up to date
clap                  ^3.2      4.0.9     out of date
time                  ^0.3      0.3.14    up to date

Crate uu_tr

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
nom                   ^7.1.1    7.1.1     up to date
clap                  ^3.2      4.0.9     out of date

Crate uu_true

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_truncate

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_tsort

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_tty

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
nix                   ^0.25     0.25.0    up to date
atty                  ^0.2      0.2.14    up to date

Crate uu_uname

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
platform-info         ^1.0.0    1.0.0     up to date

Crate uu_unexpand

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
unicode-width         ^0.1.5    0.1.10    up to date

Crate uu_uniq

Dependencies

(3 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
strum                 ^0.24.1   0.24.1    up to date
strum_macros          ^0.24.2   0.24.3    up to date

Crate uu_unlink

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_uptime

Dependencies

(2 total, 1 outdated, 1 possibly insecure)

Crate                 Required  Latest    Status
chrono ⚠️             ^0.4.19   0.4.22    maybe insecure
clap                  ^3.2      4.0.9     out of date

Crate uu_users

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_vdir

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
selinux               ^0.3      0.3.0     up to date

Crate uu_wc

Dependencies

(4 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
bytecount             ^0.6.3    0.6.3     up to date
utf-8                 ^0.7.6    0.7.6     up to date
unicode-width         ^0.1.8    0.1.10    up to date

Crate uu_who

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_whoami

Dependencies

(1 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date

Crate uu_yes

Dependencies

(2 total, 1 outdated)

Crate                 Required  Latest    Status
clap                  ^3.2      4.0.9     out of date
libc                  ^0.2.132  0.2.134   up to date

Crate uucore_procs

Dependencies

(2 total, all up-to-date)

Crate                 Required  Latest    Status
proc-macro2           ^1.0      1.0.46    up to date
quote                 ^1.0      1.0.21    up to date

Crate uu_stdbuf_libstdbuf

Dependencies

(2 total, all up-to-date)

Crate                 Required  Latest    Status
cpp                   ^0.5      0.5.7     up to date
libc                  ^0.2      0.2.134   up to date

Build dependencies

(1 total, all up-to-date)

Crate                 Required  Latest    Status
cpp_build             ^0.5      0.5.7     up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

regex: Regexes with large repetitions on empty sub-expressions take a very long time to parse

RUSTSEC-2022-0013

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.

This issue has been assigned CVE-2022-24713. The severity of this vulnerability is "high" when the regex crate is used to parse untrusted regexes. Other uses of the regex crate are not affected by this vulnerability.

Overview

The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API.

Unfortunately, a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes.

Affected versions

All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5.

Mitigations

We recommend that everyone accepting user-controlled regexes upgrade immediately to the latest version of the regex crate.

Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, we do not recommend denying known problematic regexes.

Acknowledgements

We want to thank Addison Crump for responsibly disclosing this to us according to the Rust security policy, and for helping review the fix.

We also want to thank Andrew Gallant for developing the fix, and Pietro Albini for coordinating the disclosure and writing this advisory.