You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Crate: openssl
Version: 0.10.45
Title: `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
Date: 2023-03-24
ID: RUSTSEC-2023-0023
URL: https://rustsec.org/advisories/RUSTSEC-2023-0023
Solution: Upgrade to >=0.10.48
Dependency tree:
openssl 0.10.45
└── native-tls 0.2.11
├── tokio-native-tls 0.3.0
│ └── hyper-tls 0.5.0
│ └── aws-smithy-client 0.0.0-smithy-rs-head
└── hyper-tls 0.5.0
Crate: openssl
Version: 0.10.45
Title: `openssl` `X509NameBuilder::build` returned object is not thread safe
Date: 2023-03-24
ID: RUSTSEC-2023-0022
URL: https://rustsec.org/advisories/RUSTSEC-2023-0022
Solution: Upgrade to >=0.10.48
Crate: openssl
Version: 0.10.45
Title: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Date: 2023-03-24
ID: RUSTSEC-2023-0024
URL: https://rustsec.org/advisories/RUSTSEC-2023-0024
Solution: Upgrade to >=0.10.48
Crate: remove_dir_all
Version: 0.5.3
Title: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
Date: 2023-02-24
ID: RUSTSEC-2023-0018
URL: https://rustsec.org/advisories/RUSTSEC-2023-0018
Solution: Upgrade to >=0.8.0
Dependency tree:
error: 4 vulnerabilities found!
These need to be fixed.
On top of that, we need to add a non-blocking CI action to check for vulnerabilities (the check only runs in aws-sdk-rust today so vulnerabilities won't get caught until later).
The text was updated successfully, but these errors were encountered:
cargo audit
has reported the following vulnerabilities insmithy-rs
:(from
aws/rust-runtime
)(from
rust-runtime
)These need to be fixed.
On top of that, we need to add a non-blocking CI action to check for vulnerabilities (the check only runs in
aws-sdk-rust
today so vulnerabilities won't get caught until later).The text was updated successfully, but these errors were encountered: