Description
Vulnerable Library - sentry-0.27.0.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Vulnerabilities
| Vulnerability | Severity | Dependency | Type | Fixed in (sentry version) | Remediation Possible** |
|---|---|---|---|---|---|
| WS-2023-0027 | 9.8 | tokio-1.21.2.crate | Transitive | N/A* | ❌ |
| WS-2023-0195 | 9.1 | openssl-0.10.42.crate | Transitive | N/A* | ❌ |
| WS-2023-0045 | 9.1 | remove_dir_all-0.5.3.crate | Transitive | N/A* | ❌ |
| WS-2023-0083 | 7.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
| WS-2023-0082 | 7.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
| WS-2023-0081 | 7.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
| CVE-2023-26964 | 7.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
| CVE-2023-22466 | 5.4 | tokio-1.21.2.crate | Transitive | N/A* | ❌ |
| CVE-2025-24898 | 4.8 | openssl-0.10.42.crate | Transitive | N/A* | ❌ |
| CVE-2024-12224 | 4.8 | idna-0.3.0.crate | Transitive | N/A* | ❌ |
| CVE-2023-53159 | 4.5 | openssl-0.10.42.crate | Transitive | N/A* | ❌ |
| CVE-2025-3416 | 3.7 | openssl-0.10.42.crate | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of the direct dependency with a fix. Check the "Details" section below to see if there is a version of the transitive dependency where the vulnerability is fixed.
**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
WS-2023-0027
Vulnerable Library - tokio-1.21.2.crate
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://static.crates.io/crates/tokio/tokio-1.21.2.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - ❌ tokio-1.21.2.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
A soundness issue was discovered in tokio. tokio::io::ReadHalf::unsplit can violate the Pin contract. The specific set of conditions needed to trigger the issue (a !Unpin type in ReadHalf) is unusual, and it is difficult to make any arbitrary use-after-free exploitable in Rust without a lot of careful alignment of data types in the surrounding code. The tokio feature io-util must also be enabled to trigger this soundness issue.
Publish Date: 2024-11-03
URL: WS-2023-0027
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2023-0005.html
Release Date: 2023-02-02
Fix Resolution: tokio - 1.18.5, 1.20.4, 1.24.2
Step up your Open Source Security Game with Mend here
WS-2023-0195
Vulnerable Library - openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
openssl X509VerifyParamRef::set_host buffer over-read
Publish Date: 2024-11-03
URL: WS-2023-0195
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-xcf7-rvmh-g6q4
Release Date: 2023-06-22
Fix Resolution: openssl - 0.10.55
WS-2023-0045
Vulnerable Library - remove_dir_all-0.5.3.crate
A safe, reliable implementation of remove_dir_all for Windows
Library home page: https://crates.io/api/v1/crates/remove_dir_all/0.5.3/download
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - tempfile-3.3.0.crate
          - ❌ remove_dir_all-0.5.3.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting a symlink for a path after the type of the path was checked.
Publish Date: 2024-11-21
URL: WS-2023-0045
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-mc8h-8q98-g5hr
Release Date: 2023-02-24
Fix Resolution: remove_dir_all - 0.8.0
WS-2023-0083
Vulnerable Libraries - openssl-0.10.42.crate, openssl-sys-0.9.77.crate
openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
openssl-sys-0.9.77.crate
FFI bindings to OpenSSL
Library home page: https://static.crates.io/crates/openssl-sys/openssl-sys-0.9.77.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - openssl-0.10.42.crate
          - ❌ openssl-sys-0.9.77.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read
Publish Date: 2024-11-03
URL: WS-2023-0083
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-9qwg-crg9-m2vc
Release Date: 2023-03-25
Fix Resolution: openssl - 0.10.48
WS-2023-0082
Vulnerable Libraries - openssl-0.10.42.crate, openssl-sys-0.9.77.crate
openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
openssl-sys-0.9.77.crate
FFI bindings to OpenSSL
Library home page: https://static.crates.io/crates/openssl-sys/openssl-sys-0.9.77.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - openssl-0.10.42.crate
          - ❌ openssl-sys-0.9.77.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
openssl X509NameBuilder::build returned object is not thread safe
Publish Date: 2024-11-03
URL: WS-2023-0082
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-3gxf-9r58-2ghg
Release Date: 2023-03-25
Fix Resolution: openssl - 0.10.48
WS-2023-0081
Vulnerable Libraries - openssl-0.10.42.crate, openssl-sys-0.9.77.crate
openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
openssl-sys-0.9.77.crate
FFI bindings to OpenSSL
Library home page: https://static.crates.io/crates/openssl-sys/openssl-sys-0.9.77.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - openssl-0.10.42.crate
          - ❌ openssl-sys-0.9.77.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
openssl X509Extension::new and X509Extension::new_nid null pointer dereference
Publish Date: 2024-11-03
URL: WS-2023-0081
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-6hcf-g6gr-hhcr
Release Date: 2023-03-25
Fix Resolution: openssl - 0.10.48
CVE-2023-26964
Vulnerable Libraries - hyper-0.14.22.crate, h2-0.3.15.crate
hyper-0.14.22.crate
A protective and efficient HTTP library for all.
Library home page: https://static.crates.io/crates/hyper/hyper-0.14.22.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - ❌ hyper-0.14.22.crate (Vulnerable Library)
h2-0.3.15.crate
An HTTP/2 client and server
Library home page: https://static.crates.io/crates/h2/h2-0.3.15.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - ❌ h2-0.3.15.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, memory and CPU usage are high, which can lead to a Denial of Service (DoS).
Publish Date: 2023-04-11
URL: CVE-2023-26964
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVE-2023-22466
Vulnerable Library - tokio-1.21.2.crate
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://static.crates.io/crates/tokio/tokio-1.21.2.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - ❌ tokio-1.21.2.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting "pipe_mode" will reset "reject_remote_clients" to "false". If the application has previously configured "reject_remote_clients" to "true", this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that "pipe_mode" is set first after initializing a "ServerOptions".
Publish Date: 2023-01-04
URL: CVE-2023-22466
CVSS 3 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
CVE-2025-24898
Vulnerable Library - openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions "ssl::select_next_proto" can return a slice pointing into the "server" argument's buffer but with a lifetime bound to the "client" argument. In situations where the "server" buffer's lifetime is shorter than the "client" buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate "openssl" version 0.10.70 fixes the signature of "ssl::select_next_proto" to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of "ssl::select_next_proto" in the callback passed to "SslContextBuilder::set_alpn_select_callback", code is only affected if the "server" buffer is constructed within the callback.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-02-03
URL: CVE-2025-24898
CVSS 3 Score Details (4.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2025-02-03
Fix Resolution: openssl - 0.10.70
CVE-2024-12224
Vulnerable Library - idna-0.3.0.crate
IDNA (Internationalizing Domain Names in Applications) and Punycode.
Library home page: https://static.crates.io/crates/idna/idna-0.3.0.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - sentry-contexts-0.27.0.crate
    - sentry-core-0.27.0.crate
      - sentry-types-0.27.0.crate
        - url-2.3.1.crate
          - ❌ idna-0.3.0.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Publish Date: 2025-05-30
URL: CVE-2024-12224
CVSS 3 Score Details (4.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
CVE-2023-53159
Vulnerable Library - openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
Publish Date: 2025-07-28
URL: CVE-2023-53159
CVSS 3 Score Details (4.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2025-07-28
Fix Resolution: openssl - 0.10.55, https://github.com/sfackler/rust-openssl.git - openssl-v0.10.55
CVE-2025-3416
Vulnerable Library - openssl-0.10.42.crate
OpenSSL bindings
Library home page: https://static.crates.io/crates/openssl/openssl-0.10.42.crate
Path to dependency file: /source/native-addon-rust/Cargo.toml
Path to vulnerable library: /source/native-addon-rust/Cargo.toml
Dependency Hierarchy:
- sentry-0.27.0.crate (Root Library)
  - reqwest-0.11.12.crate
    - tokio-native-tls-0.3.0.crate
      - native-tls-0.2.11.crate
        - ❌ openssl-0.10.42.crate (Vulnerable Library)
Found in HEAD commit: 273a134394edfb54991ff74097965c8f3cac3de7
Found in base branch: master
Vulnerability Details
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Publish Date: 2025-04-08
URL: CVE-2025-3416
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
Release Date: 2025-04-08
Fix Resolution: openssl - 0.10.72, https://github.com/sfackler/rust-openssl.git - openssl-v0.10.72