Vulnerabilities

RUSTSEC-2024-0399

rustls network-reachable panic in Acceptor::accept

A bug introduced in rustls 0.23.13 leads to a panic if the received
TLS ClientHello is fragmented. Only servers that use
rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.

Warnings

RUSTSEC-2024-0388

derivative is unmaintained; consider using an alternative

The derivative crate is no longer maintained.
Consider using any alternative, for instance:

• derive_more
• derive-where
• educe

RUSTSEC-2024-0384

instant is unmaintained

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.

RUSTSEC-2020-0168

mach is unmaintained

Last release was almost 4 years ago.

Maintainer(s) seem to be completely unreachable.

Possible Alternative(s)

These may or may not be suitable alternatives and have not been vetted in any way;

• mach2 - direct fork

RUSTSEC-2022-0061

Crate parity-wasm deprecated by the author

This PR explicitly deprecates parity-wasm.
The author recommends switching to wasm-tools.

RUSTSEC-2024-0370

proc-macro-error is unmaintained

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.

Possible Alternative(s)

• manyhow
• proc-macro-error2
• proc-macro2-diagnostics

Crate critical-section is yanked

No extra details provided.