4 matches found
RUSTSEC-2026-0110 bare-metal is deprecated
The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...
RUSTSEC-2025-0134 rustls-pemfile is unmaintained
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...
RUSTSEC-2025-0111 `tokio-tar` parses PAX extended headers incorrectly, allows file smuggling
The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...
`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling
The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...