Security vulnerability analysis for dependencies of summa-backend package #15

sachindkagrawal15 · 2024-04-21T17:26:32Z

3 Errors and 3 warnings observed for security vulnerability analysis of dependencies of summa-backend package as below :

Error # 1

Crate: h2
Version: 0.3.20
Title: Degradation of service in h2 servers with CONTINUATION Flood
Date: 2024-04-03
ID: RUSTSEC-2024-0332
URL: https://rustsec.org/advisories/RUSTSEC-2024-0332
Solution: Upgrade to ^0.3.26 OR >=0.4.4
Dependency tree:
h2 0.3.20
├── reqwest 0.11.18
│ ├── summa-backend 0.1.0
│ ├── ethers-providers 2.0.7
│ │ ├── ethers-middleware 2.0.7
│ │ │ └── ethers 2.0.7
│ │ │ ├── summa-solvency 0.1.0
│ │ │ │ └── summa-backend 0.1.0
│ │ │ └── summa-backend 0.1.0
│ │ ├── ethers-contract 2.0.7
│ │ │ ├── ethers-middleware 2.0.7
│ │ │ └── ethers 2.0.7
│ │ └── ethers 2.0.7
│ ├── ethers-middleware 2.0.7
│ └── ethers-etherscan 2.0.7
│ ├── ethers-middleware 2.0.7
│ └── ethers 2.0.7
└── hyper 0.14.27
├── reqwest 0.11.18
└── hyper-tls 0.5.0
└── reqwest 0.11.18

Error # 2

Crate: h2
Version: 0.3.20
Title: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Date: 2024-01-17
ID: RUSTSEC-2024-0003
URL: https://rustsec.org/advisories/RUSTSEC-2024-0003
Solution: Upgrade to ^0.3.24 OR >=0.4.2

Error # 3

Crate: mio
Version: 0.8.8
Title: Tokens for named pipes may be delivered after deregistration
Date: 2024-03-04
ID: RUSTSEC-2024-0019
URL: https://rustsec.org/advisories/RUSTSEC-2024-0019
Solution: Upgrade to >=0.8.11
Dependency tree:
mio 0.8.8
└── tokio 1.29.1
├── tokio-util 0.7.8
│ └── h2 0.3.20
│ ├── reqwest 0.11.18
│ │ ├── summa-backend 0.1.0
│ │ ├── ethers-providers 2.0.7
│ │ │ ├── ethers-middleware 2.0.7
│ │ │ │ └── ethers 2.0.7
│ │ │ │ ├── summa-solvency 0.1.0
│ │ │ │ │ └── summa-backend 0.1.0
│ │ │ │ └── summa-backend 0.1.0
│ │ │ ├── ethers-contract 2.0.7
│ │ │ │ ├── ethers-middleware 2.0.7
│ │ │ │ └── ethers 2.0.7
│ │ │ └── ethers 2.0.7
│ │ ├── ethers-middleware 2.0.7
│ │ └── ethers-etherscan 2.0.7
│ │ ├── ethers-middleware 2.0.7
│ │ └── ethers 2.0.7
│ └── hyper 0.14.27
│ ├── reqwest 0.11.18
│ └── hyper-tls 0.5.0
│ └── reqwest 0.11.18
├── tokio-native-tls 0.3.1
│ ├── reqwest 0.11.18
│ └── hyper-tls 0.5.0
├── summa-backend 0.1.0
├── reqwest 0.11.18
├── hyper-tls 0.5.0
├── hyper 0.14.27
├── h2 0.3.20
├── ethers-solc 2.0.7
│ ├── ethers-etherscan 2.0.7
│ └── ethers 2.0.7
├── ethers-providers 2.0.7
└── ethers-middleware 2.0.7

Warning # 1

Crate: openssl
Version: 0.10.55
Warning: unsound
Title: openssl X509StoreRef::objects is unsound
Date: 2023-11-23
ID: RUSTSEC-2023-0072
URL: https://rustsec.org/advisories/RUSTSEC-2023-0072
Dependency tree:
openssl 0.10.55
└── native-tls 0.2.11
├── tokio-native-tls 0.3.1
│ ├── reqwest 0.11.18
│ │ ├── summa-backend 0.1.0
│ │ ├── ethers-providers 2.0.7
│ │ │ ├── ethers-middleware 2.0.7
│ │ │ │ └── ethers 2.0.7
│ │ │ │ ├── summa-solvency 0.1.0
│ │ │ │ │ └── summa-backend 0.1.0
│ │ │ │ └── summa-backend 0.1.0
│ │ │ ├── ethers-contract 2.0.7
│ │ │ │ ├── ethers-middleware 2.0.7
│ │ │ │ └── ethers 2.0.7
│ │ │ └── ethers 2.0.7
│ │ ├── ethers-middleware 2.0.7
│ │ └── ethers-etherscan 2.0.7
│ │ ├── ethers-middleware 2.0.7
│ │ └── ethers 2.0.7
│ └── hyper-tls 0.5.0
│ └── reqwest 0.11.18
├── reqwest 0.11.18
└── hyper-tls 0.5.0

Warning # 2

Crate: ahash
Version: 0.8.3
Warning: yanked
Dependency tree:
ahash 0.8.3
└── hashbrown 0.13.2
└── revm-primitives 1.1.2
├── revm-precompile 2.0.3
│ └── revm 3.3.0
│ └── halo2_solidity_verifier 0.1.0
│ └── summa-solvency 0.1.0
│ └── summa-backend 0.1.0
└── revm-interpreter 1.1.2
└── revm 3.3.0

Warning # 3

Crate: elliptic-curve
Version: 0.13.5
Warning: yanked
Dependency tree:
elliptic-curve 0.13.5
├── k256 0.13.1
│ ├── revm-precompile 2.0.3
│ │ └── revm 3.3.0
│ │ └── halo2_solidity_verifier 0.1.0
│ │ └── summa-solvency 0.1.0
│ │ └── summa-backend 0.1.0
│ ├── ethers-core 2.0.7
│ │ ├── ethers-solc 2.0.7
│ │ │ ├── ethers-etherscan 2.0.7
│ │ │ │ ├── ethers-middleware 2.0.7
│ │ │ │ │ └── ethers 2.0.7
│ │ │ │ │ ├── summa-solvency 0.1.0
│ │ │ │ │ └── summa-backend 0.1.0
│ │ │ │ └── ethers 2.0.7
│ │ │ └── ethers 2.0.7
│ │ ├── ethers-signers 2.0.7
│ │ │ ├── ethers-middleware 2.0.7
│ │ │ └── ethers 2.0.7
│ │ ├── ethers-providers 2.0.7
│ │ │ ├── ethers-middleware 2.0.7
│ │ │ ├── ethers-contract 2.0.7
│ │ │ │ ├── ethers-middleware 2.0.7
│ │ │ │ └── ethers 2.0.7
│ │ │ └── ethers 2.0.7
│ │ ├── ethers-middleware 2.0.7
│ │ ├── ethers-etherscan 2.0.7
│ │ ├── ethers-contract-derive 2.0.7
│ │ │ └── ethers-contract 2.0.7
│ │ ├── ethers-contract-abigen 2.0.7
│ │ │ ├── ethers-contract-derive 2.0.7
│ │ │ └── ethers-contract 2.0.7
│ │ ├── ethers-contract 2.0.7
│ │ ├── ethers-addressbook 2.0.7
│ │ │ └── ethers 2.0.7
│ │ └── ethers 2.0.7
│ ├── enr 0.8.1
│ │ └── ethers-providers 2.0.7
│ └── coins-bip32 0.8.3
│ ├── ethers-signers 2.0.7
│ └── coins-bip39 0.8.6
│ └── ethers-signers 2.0.7
├── ethers-signers 2.0.7
├── ethers-core 2.0.7
└── ecdsa 0.16.7
└── k256 0.13.1

error: 3 vulnerabilities found!
warning: 3 allowed warnings found

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security vulnerability analysis for dependencies of summa-backend package #15

Security vulnerability analysis for dependencies of summa-backend package #15

sachindkagrawal15 commented Apr 21, 2024 •

edited

Loading

Security vulnerability analysis for dependencies of summa-backend package #15

Security vulnerability analysis for dependencies of summa-backend package #15

Comments

sachindkagrawal15 commented Apr 21, 2024 • edited Loading

3 Errors and 3 warnings observed for security vulnerability analysis of dependencies of summa-backend package as below :

Error # 1

Error # 2

Error # 3

Warning # 1

Warning # 2

Warning # 3

sachindkagrawal15 commented Apr 21, 2024 •

edited

Loading