
[token-2022] Vulnerable dependencies (TOK-STK-3)

Open samkim-crypto opened this issue 2 years ago • 0 comments

Description

The result from the cargo audit command shows there is one crate (time) with a known vulnerability.

❯ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 458 security advisories (from /Users/andershelsing/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (651 crate dependencies)
Crate:     time
Version:   0.1.44
Title:     Potential segfault in the time crate
Date:      2020-11-18
ID:        RUSTSEC-2020-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution:  Upgrade to >=0.2.23

Recommendations

Short term, triage the use of the vulnerability in the time crate, and upgrade to a version where it is patched.

samkim-crypto avatar Oct 12 '22 06:10 samkim-crypto
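As an added example that is not part of this issue or of the solana-program-library repository: a POSIX shell check that scans a Cargo.lock for every resolved version of a named crate and reports the ones below an advisory's fixed version, here `time` below 0.2.23, the threshold cargo audit printed for RUSTSEC-2020-0071. The lockfile embedded below is a constructed sample, not the repository's real Cargo.lock, and the function names (`lock_versions`, `version_lt`, `vulnerable_versions`) are this example's own.

```shell
#!/bin/sh
# Added example (not from the issue or solana-program-library): flag lockfile
# entries of a crate that are older than an advisory's fixed version.
# Assumptions: POSIX sh + awk; entries follow the Cargo.lock v3 layout.

# Constructed sample Cargo.lock, NOT the repository's real lockfile. It has the
# shape cargo audit reported: a time 0.1.x entry alongside newer crates.
SAMPLE_LOCK='# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "libc"
version = "0.2.126"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "time"
version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "time"
version = "0.3.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
'

# lock_versions LOCKFILE CRATE
# Prints every resolved version of CRATE in LOCKFILE, one per line. A lockfile
# may legitimately contain several major versions of the same crate, so all of
# them are reported rather than only the first match.
lock_versions() {
  awk -v crate="$2" '
    /^\[\[package\]\]/ { name = ""; next }
    /^name = /         { gsub(/"/, "", $3); name = $3; next }
    /^version = / && name == crate { gsub(/"/, "", $3); print $3 }
  ' "$1"
}

# version_lt A B
# Exit 0 when version A is strictly older than version B, comparing the
# major.minor.patch components numerically (a missing component counts as 0,
# so "0.2" sorts as "0.2.0").
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1
  }'
}

# vulnerable_versions LOCKFILE CRATE FIXED
# Prints the resolved versions of CRATE that are older than FIXED, i.e. the
# entries an advisory with "Solution: Upgrade to >=FIXED" still applies to.
vulnerable_versions() {
  lock_versions "$1" "$2" | while IFS= read -r v; do
    if version_lt "$v" "$3"; then
      printf '%s\n' "$v"
    fi
  done
}

# Write the constructed lockfile out and run the check for RUSTSEC-2020-0071
# (time, fixed in >=0.2.23). Expected to report the 0.1.44 entry only.
LOCK=$(mktemp)
trap 'rm -f "$LOCK"' EXIT
printf '%s\n' "$SAMPLE_LOCK" > "$LOCK"

found=$(vulnerable_versions "$LOCK" time 0.2.23)
if [ -n "$found" ]; then
  printf 'time versions below 0.2.23 in %s: %s\n' "$LOCK" "$found"
fi
```

`lock_versions` reports every resolved version because a lockfile can carry both a `time` 0.1.x and a 0.3.x entry at once, and only the entries below the fix version matter. One caveat when acting on the recommendation: Cargo treats 0.1.x and 0.2.x as incompatible, so `cargo update -p time` cannot move the 0.1.44 entry to 0.2.23 by itself; `cargo tree -i time@0.1.44` shows which dependency still requires the old line, and that dependency is what has to be upgraded or replaced.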