mvalle21 / iris
This project forked from mnit-rtmc/iris
Intelligent Roadway Information System
License: GNU General Public License v2.0
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://crates.io/api/v1/crates/tokio/0.2.22/download
Dependency Hierarchy:
Found in base branch: master
The crate 'tokio' has a data race when sending and receiving after closing a oneshot channel.
Versions before 0.1.15 are not affected.
Fixed in v1.8.4 and v1.13.1.
If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.
When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.
Note that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.
Publish Date: 2021-11-16
URL: WS-2021-0424
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
Release Date: 2021-11-16
Fix Resolution: tokio - 1.8.4,1.13.1
Extensions to the standard library's networking types as proposed in RFC 1158.
Library home page: https://crates.io/api/v1/crates/net2/0.2.35/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Mend Note: Converted from WS-2020-0231, on 2021-01-19.
Publish Date: 2020-12-31
URL: CVE-2020-35919
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0078.html
Release Date: 2020-12-31
Fix Resolution: net2 - 0.2.36
A zero overhead I/O library for Windows, focusing on IOCP and Async I/O abstractions.
Library home page: https://crates.io/api/v1/crates/miow/0.2.1/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Mend Note: Converted from WS-2020-0229, on 2021-01-19.
Publish Date: 2020-12-31
URL: CVE-2020-35921
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
Release Date: 2020-12-31
Fix Resolution: miow - 0.2.2,0.3.6
Wrappers to create fully-featured Mutex and RwLock types. Compatible with no_std.
Library home page: https://crates.io/api/v1/crates/lock_api/0.4.1/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.
Mend Note: Converted from WS-2020-0234, on 2021-08-19.
Publish Date: 2020-12-31
URL: CVE-2020-35913
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
Release Date: 2020-12-31
Fix Resolution: 0.4.2
Wrappers to create fully-featured Mutex and RwLock types. Compatible with no_std.
Library home page: https://crates.io/api/v1/crates/lock_api/0.4.1/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.
Publish Date: 2020-12-31
URL: CVE-2020-35914
Base Score Metrics:
Common utilities and extension traits for the futures-rs library.
Library home page: https://crates.io/api/v1/crates/futures-util/0.3.6/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).
Publish Date: 2020-12-31
URL: CVE-2020-35905
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0059.html
Release Date: 2020-12-31
Fix Resolution: futures-util - 0.3.7
Wrappers to create fully-featured Mutex and RwLock types. Compatible with no_std.
Library home page: https://crates.io/api/v1/crates/lock_api/0.4.1/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.
Mend Note: Converted from WS-2020-0234, on 2021-08-19.
Publish Date: 2020-12-31
URL: CVE-2020-35910
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
Release Date: 2020-12-31
Fix Resolution: 0.4.2
A simple interface for querying atty
Library home page: https://crates.io/api/v1/crates/atty/0.2.14/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
Base Score Metrics:
Extensions to the standard library's networking types as proposed in RFC 1158.
Library home page: https://crates.io/api/v1/crates/net2/0.2.35/download
Dependency Hierarchy:
Found in base branch: master
The net2 crate assumed that std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr, and simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens. Fixed in version 0.2.36.
Publish Date: 2020-11-07
URL: WS-2020-0404
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0078.html
Release Date: 2020-11-07
Fix Resolution: net2 - 0.2.36
Wrappers to create fully-featured Mutex and RwLock types. Compatible with no_std.
Library home page: https://crates.io/api/v1/crates/lock_api/0.4.1/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.
Publish Date: 2020-12-31
URL: CVE-2020-35911
Base Score Metrics:
Wrappers to create fully-featured Mutex and RwLock types. Compatible with no_std.
Library home page: https://crates.io/api/v1/crates/lock_api/0.4.1/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.
Publish Date: 2020-12-31
URL: CVE-2020-35912
Base Score Metrics:
Extensions to the standard library's networking types as proposed in RFC 1158.
Library home page: https://crates.io/api/v1/crates/net2/0.2.35/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Mend Note: Converted from WS-2020-0230, on 2021-01-19.
Publish Date: 2020-12-31
URL: CVE-2020-35920
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-458v-4hrf-g3m4
Release Date: 2020-12-31
Fix Resolution: net2 - 0.2.36, socket2 - 0.3.16
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://crates.io/api/v1/crates/tokio/0.2.22/download
Dependency Hierarchy:
Found in base branch: master
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
Mend Note: Converted from WS-2021-0424, on 2022-11-07.
Publish Date: 2021-12-27
URL: CVE-2021-45710
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
Release Date: 2021-12-27
Fix Resolution: tokio - 1.8.4,1.13.1
JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
Library home page: https://github.com/douglascrockford/JSON-java
Path to vulnerable library: /lib/json-20200518.jar
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
Publish Date: 2022-12-13
URL: CVE-2022-45688
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-3vqj-43w4-2q58
Release Date: 2022-12-13
Fix Resolution: 20230227
Common utilities and extension traits for the futures-rs library.
Library home page: https://crates.io/api/v1/crates/futures-util/0.3.6/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
Affected versions of futures-rs had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U.
This could have led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T.
The issue was fixed by correcting the Send and Sync implementations, and by adding a PhantomData<&'a mut U> marker to the MappedMutexGuard type to tell the compiler that the guard is over U too.
This affects futures-rs 0.3.2 through 0.3.6 and is fixed in futures-rs 0.3.7 onwards.
Publish Date: 2020-11-02
URL: WS-2020-0189
Base Score Metrics:
Type: Upgrade version
Origin: rust-lang/futures-rs#2239
Release Date: 2020-11-02
Fix Resolution: 0.3.7
'Small vector' optimization: store up to a small number of items on the stack
Library home page: https://crates.io/api/v1/crates/smallvec/1.4.2/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
Mend Note: Converted from WS-2021-0002, on 2021-02-01.
Publish Date: 2021-01-26
URL: CVE-2021-25900
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-43w2-9j62-hq99
Release Date: 2021-01-26
Fix Resolution: 0.6.14;1.6.1
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://crates.io/api/v1/crates/tokio/0.2.22/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
A soundness issue was discovered in tokio. tokio::io::ReadHalf::unsplit can violate the Pin contract. The specific set of conditions needed to trigger the issue (a !Unpin type in ReadHalf) is unusual, and it is difficult to make any arbitrary use-after-free exploitable in Rust without a lot of careful alignment of data types in the surrounding code. The tokio feature io-util must also be enabled to trigger this soundness issue.
Publish Date: 2023-02-02
URL: WS-2023-0027
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2023-0005.html
Release Date: 2023-02-02
Fix Resolution: tokio - 1.18.5,1.20.4,1.24.2
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://crates.io/api/v1/crates/tokio/0.2.22/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured reject_remote_clients to true, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that pipe_mode is set first after initializing a ServerOptions.
Publish Date: 2023-01-04
URL: CVE-2023-22466
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-7rrj-xr53-82p7
Release Date: 2023-01-04
Fix Resolution: tokio - 1.18.4,1.20.3,1.23.1
Lightweight non-blocking IO
Library home page: https://crates.io/api/v1/crates/mio/0.6.22/download
Dependency Hierarchy:
Found in HEAD commit: f5ba21d0a4068619df7211588d4398145fe3eff3
Found in base branch: master
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Mend Note: Converted from WS-2020-0225, on 2021-01-19.
Publish Date: 2020-12-31
URL: CVE-2020-35922
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0081.html
Release Date: 2020-12-31
Fix Resolution: 0.7.6