A vulnerability has been discovered in the version of Tungstenite used in this crate. Unfortunately, upgrading to the newest version causes this crate to no longer compile. Not sure what the best way forward is. Creating this issue to raise awareness and hopefully find a way to be able to upgrade.
To generate the output below requires cargo deny to be installed: `cargo install cargo-deny`

Output of `cargo deny check advisories`:
```
2023-10-04 22:42:09 [WARN] unable to find a config path, falling back to default config
error[vulnerability]: Tungstenite allows remote attackers to cause a denial of service
    ┌─ /home/user/serenity/Cargo.lock:137:1
    │
137 │ tungstenite 0.17.3 registry+https://github.com/rust-lang/crates.io-index
    │ ------------------------------------------------------------------------ security vulnerability detected
    │
    = ID: RUSTSEC-2023-0065
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0065
    = The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
      a denial of service (minutes of CPU consumption) via an excessive length of an
      HTTP header in a client handshake. The length affects both how many times a parse
      is attempted (e.g., thousands of times) and the average amount of data for each
      parse attempt (e.g., millions of bytes).
    = Announcement: https://github.com/snapview/tungstenite-rs/issues/376
    = Solution: Upgrade to >=0.20.1
    = tungstenite v0.17.3
      └── async-tungstenite v0.17.2
          └── serenity v0.11.6

advisories FAILED
```
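The advisory text above attributes the CPU cost to two factors: how many parse attempts happen and how many bytes each attempt examines. The Rust sketch below is an added example, not code from tungstenite, serenity or the issue author; it models a reader that re-scans its whole buffer after every read and shows what a cap on buffered header bytes changes. The 64-byte read size, the 512-byte cap, the `X-Pad` header and the names `feed` and `sample_request` are assumptions made for illustration.

```rust
// Simplified model (not tungstenite's code) of a handshake reader that
// re-parses everything buffered so far after each socket read.

#[derive(Debug, PartialEq)]
struct Cost {
    accepted: bool,       // true if a complete header block was parsed
    attempts: usize,      // number of parse attempts
    bytes_scanned: usize, // bytes examined across all attempts
}

/// True when the buffer contains the end-of-headers marker.
fn headers_complete(buf: &[u8]) -> bool {
    buf.windows(4).any(|w| w == b"\r\n\r\n")
}

/// Feed `request` in `chunk`-byte reads (chunk > 0); `cap` optionally limits buffered header bytes.
fn feed(request: &[u8], chunk: usize, cap: Option<usize>) -> Cost {
    let mut buf = Vec::new();
    let mut cost = Cost { accepted: false, attempts: 0, bytes_scanned: 0 };
    for piece in request.chunks(chunk) {
        buf.extend_from_slice(piece);
        if cap.map_or(false, |limit| buf.len() > limit) {
            return cost; // over the cap: reject without another parse
        }
        cost.attempts += 1;
        cost.bytes_scanned += buf.len(); // the scan restarts at byte 0 each time
        if headers_complete(&buf) {
            cost.accepted = true;
            return cost;
        }
    }
    cost // input ended before the headers did
}

/// Constructed sample: an upgrade request carrying one header value of `pad` bytes.
fn sample_request(pad: usize) -> Vec<u8> {
    let mut r = b"GET /chat HTTP/1.1\r\nHost: example.test\r\nX-Pad: ".to_vec();
    r.extend(std::iter::repeat(b'a').take(pad));
    r.extend_from_slice(b"\r\n\r\n");
    r
}

fn main() {
    for pad in [973, 1997, 4045] {
        let req = sample_request(pad);
        println!("{} bytes: uncapped {:?}, capped {:?}", req.len(),
                 feed(&req, 64, None), feed(&req, 64, Some(512)));
    }
}
```

In this model, doubling the request size roughly quadruples the bytes scanned when no cap is set, while the capped reader's work stays bounded by the cap regardless of request size.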