Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Rust crate serde_json to 1.0.134 #16

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Update Rust crate serde_json to 1.0.134

d625fb5
Select commit
Loading
Failed to load commit list.
Open

Update Rust crate serde_json to 1.0.134 #16

Update Rust crate serde_json to 1.0.134
d625fb5
Select commit
Loading
Failed to load commit list.
Mend/5034428 / Mend Security Check failed Dec 22, 2024 in 57s

Security Report

The Security Check found 72 vulnerabilities.

CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue
WS-2023-0027

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> ❌ tokio-0.1.22.crate (Vulnerable Library)

Critical 9.8 Not Defined tokio-0.1.22.crate Upgrade to version: tokio - 1.18.5,1.20.4,1.24.2 None
WS-2023-0027

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-fs-0.1.7.crate

         -> ❌ tokio-io-0.1.13.crate (Vulnerable Library)

Critical 9.8 Not Defined tokio-io-0.1.13.crate Upgrade to version: tokio - 1.18.5,1.20.4,1.24.2 None
CVE-2022-2274

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Critical 9.8 Not Defined 2.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-src - 300.0.9+3.0.5 None
CVE-2021-3711

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Critical 9.8 Not Defined 3.8% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1l None
CVE-2021-32810

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-fs-0.1.7.crate

         -> tokio-threadpool-0.1.18.crate

           -> ❌ crossbeam-deque-0.7.3.crate (Vulnerable Library)

Critical 9.8 Not Defined 1.2% crossbeam-deque-0.7.3.crate Upgrade to version: crossbeam-deque - 0.7.4, 0.8.1 None
CVE-2021-25900

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> parking_lot_core-0.6.2.crate

             -> ❌ smallvec-0.6.13.crate (Vulnerable Library)

Critical 9.8 Not Defined 0.4% smallvec-0.6.13.crate Upgrade to version: 0.6.14;1.6.1 None
CVE-2020-25576

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> backoff-0.1.6.crate (Root Library)

   -> rand-0.6.5.crate

     -> rand_xorshift-0.1.1.crate

       -> ❌ rand_core-0.3.1.crate (Vulnerable Library)

Critical 9.8 Not Defined 0.2% rand_core-0.3.1.crate Upgrade to version: rand_core - 0.3.2, 0.4.2 None
CVE-2020-25575

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> ❌ failure-0.1.8.crate (Vulnerable Library)

Critical 9.8 Not Defined 1.2% failure-0.1.8.crate None
CVE-2019-25010

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> ❌ failure-0.1.8.crate (Vulnerable Library)

Critical 9.8 Not Defined 0.2% failure-0.1.8.crate None
CVE-2019-25009

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> hyper-0.12.35.crate

         -> http-body-0.1.0.crate

           -> ❌ http-0.1.21.crate (Vulnerable Library)

Critical 9.8 Not Defined 0.2% http-0.1.21.crate Upgrade to version: v0.1.21 None
WS-2023-0196

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-fs-0.1.7.crate

         -> tokio-threadpool-0.1.18.crate

           -> crossbeam-deque-0.7.3.crate

             -> crossbeam-epoch-0.8.2.crate

               -> ❌ memoffset-0.5.6.crate (Vulnerable Library)

Critical 9.1 Not Defined memoffset-0.5.6.crate Upgrade to version: memoffset - 0.6.2 None
WS-2023-0195

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> ❌ openssl-0.10.30.crate (Vulnerable Library)

Critical 9.1 Not Defined openssl-0.10.30.crate Upgrade to version: openssl - 0.10.55 None
WS-2023-0045

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> tempfile-3.1.0.crate

           -> ❌ remove_dir_all-0.5.3.crate (Vulnerable Library)

Critical 9.1 Not Defined remove_dir_all-0.5.3.crate Upgrade to version: remove_dir_all - 0.8.0 None
WS-2022-0049

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> regex-0.2.11.crate

         -> ❌ thread_local-0.3.4.crate (Vulnerable Library)

High 8.1 Not Defined thread_local-0.3.4.crate Upgrade to version: thread_local - 1.1.4 None
CVE-2022-23639

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-executor-0.1.10.crate

         -> ❌ crossbeam-utils-0.7.2.crate (Vulnerable Library)

High 8.1 Not Defined 0.4% crossbeam-utils-0.7.2.crate Upgrade to version: crossbeam-utils - 0.8.7 None
CVE-2021-45710

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> ❌ tokio-0.1.22.crate (Vulnerable Library)

High 8.1 Not Defined 0.2% tokio-0.1.22.crate Upgrade to version: tokio - 1.8.4,1.13.1 None
CVE-2023-4807

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.8 Not Defined 0.0% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-3.0.11,openssl-3.1.3,OpenSSL_1_1_1w, cryptography - 41.0.4 None
WS-2023-0083

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> ❌ openssl-0.10.30.crate (Vulnerable Library)

High 7.5 Not Defined openssl-0.10.30.crate Upgrade to version: openssl - 0.10.48 None
WS-2023-0082

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> ❌ openssl-0.10.30.crate (Vulnerable Library)

High 7.5 Not Defined openssl-0.10.30.crate Upgrade to version: openssl - 0.10.48 None
WS-2023-0081

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> ❌ openssl-0.10.30.crate (Vulnerable Library)

High 7.5 Not Defined openssl-0.10.30.crate Upgrade to version: openssl - 0.10.48 None
WS-2022-0132

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ hyper-0.12.35.crate (Vulnerable Library)

High 7.5 Not Defined hyper-0.12.35.crate Upgrade to version: hyper - 0.14.12 None
CVE-2023-34411

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> ❌ xml-rs-0.7.0.crate (Vulnerable Library)

High 7.5 Not Defined 0.1% xml-rs-0.7.0.crate Upgrade to version: xml-rs - 0.8.14 None
CVE-2023-26964

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> hyper-0.12.35.crate

         -> ❌ h2-0.1.26.crate (Vulnerable Library)

High 7.5 Not Defined 0.2% h2-0.1.26.crate Upgrade to version: h2 - 0.3.17 None
CVE-2023-26964

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ hyper-0.12.35.crate (Vulnerable Library)

High 7.5 Not Defined 0.2% hyper-0.12.35.crate Upgrade to version: h2 - 0.3.17 None
CVE-2023-0464

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 1.6% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1u,openssl-3.0.9,openssl-3.1.1 None
CVE-2023-0215

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 0.70000005% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-src - 111.25,300.0.12 None
CVE-2022-4450

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1t,openssl-3.0.8 None
CVE-2022-31394

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ hyper-0.12.35.crate (Vulnerable Library)

High 7.5 Not Defined 0.1% hyper-0.12.35.crate Upgrade to version: hyper - v0.14.19 None
CVE-2022-24713

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ regex-0.2.11.crate (Vulnerable Library)

High 7.5 Not Defined 0.3% regex-0.2.11.crate Upgrade to version: regex - 1.5.5 None
CVE-2022-1473

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 0.5% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-src - 300.0.6+3.0.3 None
CVE-2022-0778

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 4.6% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1n, openssl-3.0.2 None
CVE-2021-4044

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-src - 300.0.4+3.0.1 None
CVE-2021-23840

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.5 Not Defined 0.70000005% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1j; openssl-src -111.14.0+1.1.1j None
CVE-2020-36465

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> sha2-0.7.1.crate

       -> digest-0.7.6.crate

         -> ❌ generic-array-0.9.0.crate (Vulnerable Library)

High 7.5 Not Defined 0.1% generic-array-0.9.0.crate Upgrade to version: generic-array - 0.8.4,0.9.1,0.10.1,0.11.2,0.12.4,0.13.3 None
CVE-2018-25023

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> parking_lot_core-0.6.2.crate

             -> ❌ smallvec-0.6.13.crate (Vulnerable Library)

High 7.5 Not Defined 0.1% smallvec-0.6.13.crate Upgrade to version: smallvec - 0.6.13 None
CVE-2023-0286

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.4 Not Defined 0.4% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-3.0.8;cryptography - 39.0.1;openssl-src - 111.25.0+1.1.1t,300.0.12+3.0.8 None
CVE-2021-3712

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.4 Not Defined 0.5% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL - 1.1.1l None
CVE-2021-3450

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

High 7.4 Not Defined 0.4% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: 1.1.1k None
CVE-2023-2650

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 6.5 Not Defined 0.5% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1u,openssl-3.0.9,openssl-3.1.1, cryptography - 41.0.0 None
CVE-2022-4304

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.9 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1t,openssl-3.0.8 None
CVE-2022-1434

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.9 Not Defined 0.1% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-src - 300.0.6+3.0.3 None
CVE-2021-4160

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.9 Not Defined 0.6% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1m, openssl-3.0.1 None
CVE-2021-3449

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.9 Not Defined 8.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: 1.1.1k None
CVE-2021-32714

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ hyper-0.12.35.crate (Vulnerable Library)

Medium 5.9 Not Defined 0.1% hyper-0.12.35.crate Upgrade to version: hyper - 0.14.10 None
CVE-2021-23841

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.9 Not Defined 2.7% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1j; openssl-src -111.14.0+1.1.1j None
CVE-2020-1971

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.9 Not Defined 1.4000001% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: 1.0.2x,1.1.1i None
CVE-2024-0727

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1x,OpenSSL_1_0_2zj,openssl-3.0.13,openssl-3.1.5,openssl-3.2.1 None
CVE-2020-35922

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> ❌ mio-0.6.22.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% mio-0.6.22.crate Upgrade to version: 0.7.6 None
CVE-2020-35921

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> mio-0.6.22.crate

           -> ❌ miow-0.2.1.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% miow-0.2.1.crate Upgrade to version: miow - 0.2.2,0.3.6 None
CVE-2020-35920

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> mio-0.6.22.crate

           -> ❌ net2-0.2.35.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% net2-0.2.35.crate Upgrade to version: net2 - 0.2.36, socket2 - 0.3.16 None
CVE-2020-35919

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> mio-0.6.22.crate

           -> ❌ net2-0.2.35.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% net2-0.2.35.crate Upgrade to version: net2 - 0.2.36 None
CVE-2020-35910

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> ❌ lock_api-0.3.4.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% lock_api-0.3.4.crate Upgrade to version: 0.4.2 None
CVE-2020-35908

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-executor-0.1.10.crate

         -> ❌ futures-0.1.30.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% futures-0.1.30.crate Upgrade to version: 0.3.2 None
CVE-2020-35907

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-executor-0.1.10.crate

         -> ❌ futures-0.1.30.crate (Vulnerable Library)

Medium 5.5 Not Defined 0.0% futures-0.1.30.crate Upgrade to version: futures-task - 0.3.5 None
CVE-2023-22466

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> ❌ tokio-0.1.22.crate (Vulnerable Library)

Medium 5.4 Not Defined 0.1% tokio-0.1.22.crate Upgrade to version: tokio - 1.18.4,1.20.3,1.23.1 None
WS-2023-0223

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> structopt-0.2.18.crate (Root Library)

   -> clap-2.33.3.crate

     -> ❌ atty-0.2.11.crate (Vulnerable Library)

Medium 5.3 Not Defined atty-0.2.11.crate None
WS-2020-0404

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> mio-0.6.22.crate

           -> ❌ net2-0.2.35.crate (Vulnerable Library)

Medium 5.3 Not Defined net2-0.2.35.crate Upgrade to version: net2 - 0.2.36 None
CVE-2023-5678

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.3 Not Defined 0.1% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1x,openssl-3.0.13,openssl-3.1.5 None
CVE-2023-3817

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.3 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-3.0.10,openssl-3.1.2 None
CVE-2023-0465

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.3 Not Defined 0.5% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1u,openssl-3.0.9,openssl-3.1.1 None
CVE-2022-2097

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.3 Not Defined 0.5% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1q,openssl-3.0.5 None
CVE-2022-1343

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 5.3 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-src - 300.0.6+3.0.3 None
CVE-2020-26235

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ chrono-0.4.19.crate (Vulnerable Library)

Medium 5.3 Not Defined 0.1% chrono-0.4.19.crate Upgrade to version: chrono - 0.4.20,time - 0.2.23 None
CVE-2022-4203

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Medium 4.9 Not Defined 0.2% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: openssl-3.0.8 None
CVE-2024-12224

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> url-1.7.2.crate

       -> ❌ idna-0.1.5.crate (Vulnerable Library)

Medium 4.8 Not Defined idna-0.1.5.crate Upgrade to version: idna - 1.0.0 None
CVE-2021-21299

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ hyper-0.12.35.crate (Vulnerable Library)

Medium 4.8 Not Defined 0.3% hyper-0.12.35.crate Upgrade to version: hyper - 0.13.10,0.14.3 None
CVE-2020-35914

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> ❌ lock_api-0.3.4.crate (Vulnerable Library)

Medium 4.7 Not Defined 0.0% lock_api-0.3.4.crate Upgrade to version: lock_api-0.4.2 None
CVE-2020-35913

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> ❌ lock_api-0.3.4.crate (Vulnerable Library)

Medium 4.7 Not Defined 0.0% lock_api-0.3.4.crate Upgrade to version: 0.4.2 None
CVE-2020-35912

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> ❌ lock_api-0.3.4.crate (Vulnerable Library)

Medium 4.7 Not Defined 0.0% lock_api-0.3.4.crate Upgrade to version: lock_api-0.4.2 None
CVE-2020-35911

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> tokio-0.1.22.crate

       -> tokio-reactor-0.1.12.crate

         -> parking_lot-0.9.0.crate

           -> ❌ lock_api-0.3.4.crate (Vulnerable Library)

Medium 4.7 Not Defined 0.0% lock_api-0.3.4.crate Upgrade to version: lock_api-0.4.2 None
CVE-2021-23839

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> hyper-tls-0.3.2.crate

       -> native-tls-0.2.4.crate

         -> openssl-0.10.30.crate

           -> openssl-sys-0.9.58.crate

             -> ❌ openssl-src-111.12.0+1.1.1h.crate (Vulnerable Library)

Low 3.7 Not Defined 0.1% openssl-src-111.12.0+1.1.1h.crate Upgrade to version: OpenSSL_1_1_1j None
CVE-2021-32715

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

-> rusoto_ecr-0.34.0.crate (Root Library)

   -> rusoto_core-0.34.0.crate

     -> rusoto_credential-0.13.0.crate

       -> ❌ hyper-0.12.35.crate (Vulnerable Library)

Low 3.1 Not Defined 0.1% hyper-0.12.35.crate Upgrade to version: hyper - 0.14.10 None

Total libraries scanned: 206
Scan token: dde75a1f935a483d8b9a842ed77b0e58
View more details on Mend/5034428