solana-program-library
[token-2022] Vulnerable dependencies (TOK-STK-3)
Description
The result from the cargo audit command shows there is one crate (time) with a known vulnerability.
❯ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 458 security advisories (from /Users/andershelsing/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (651 crate dependencies)
Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Recommendations
Short term, triage the use of the vulnerability in the time crate, and upgrade to a version where it is patched.
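One way to start the triage recommended above is to list which locked packages pull in time 0.1.44, directly or transitively. The following is an added example, not code from the issue or from solana-program-library; the lockfile excerpt, the example-* crate names and the function names are constructed for illustration, and it assumes the v2/v3 Cargo.lock layout.

```rust
// Constructed Cargo.lock excerpt; non-`time` names are hypothetical, leaf `time` entries omitted.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "example-app"
version = "0.1.0"
dependencies = [
 "example-clock",
 "time 0.3.9",
]
[[package]]
name = "example-clock"
version = "0.4.0"
dependencies = [
 "time 0.1.44",
]
"#;

// Parse each [[package]] block into ("name version", dependency entries).
fn parse_lock(lock: &str) -> Vec<(String, Vec<String>)> {
    lock.split("[[package]]").skip(1).map(|block| {
        let field = |key: &str| block.lines().find_map(|l| l.trim().strip_prefix(key))
            .unwrap_or("").trim_matches('"').to_string();
        let deps: Vec<String> = block.lines().map(str::trim).filter(|l| l.starts_with('"'))
            .map(|l| l.trim_matches(|c: char| c == '"' || c == ',').to_string()).collect();
        (format!("{} {}", field("name = "), field("version = ")), deps)
    }).collect()
}

// An entry is "name" (only one version locked), "name version" or "name version (source)".
fn refers_to(dep: &str, target: &str) -> bool {
    dep == target || dep.starts_with(&format!("{target} ")) || Some(dep) == target.split(' ').next()
}

// Every package that reaches `target` ("name version"); direct dependents come first.
fn dependents(lock: &str, target: &str) -> Vec<String> {
    let (pkgs, mut queue, mut i) = (parse_lock(lock), vec![target.to_string()], 0);
    while i < queue.len() {
        for (pkg, deps) in &pkgs {
            if !queue.contains(pkg) && deps.iter().any(|d| refers_to(d, &queue[i])) {
                queue.push(pkg.clone());
            }
        }
        i += 1;
    }
    queue.split_off(1)
}

fn main() {
    println!("{:?}", dependents(SAMPLE_LOCK, "time 0.1.44"));
}
```

The packages listed first are the direct dependents, which is where the upgrade or replacement of the affected version has to happen.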