RUSTSEC-2022-0048: xml-rs is Unmaintained
Opened this issue · 1 comments
github-actions commented
xml-rs is Unmaintained
Details | |
---|---|
Status | unmaintained |
Package | xml-rs |
Version | 0.8.4 |
URL | https://github.com/netvl/xml-rs/issues |
Date | 2022-01-26 |
xml-rs is a XML parser has open issues around parsing including integer
overflows / panics that may or may not be an issue with untrusted data.
Together with these open issues with Unmaintained status xml-rs
may or may not be suited to parse untrusted data.
Alternatives
See advisory page for additional details.
brunocodutra commented
cargo tree --invert xml-rs
xml-rs v0.8.4
├── gl_generator v0.14.0
│ [build-dependencies]
│ ├── glutin_egl_sys v0.1.6
│ │ └── glutin v0.29.1
│ │ └── eframe v0.19.0
│ │ [dev-dependencies]
│ │ └── reducer v3.0.1 (/home/bruno/projects/rust/reducer)
│ └── glutin_glx_sys v0.1.8
│ └── glutin v0.29.1 (*)
└── wayland-scanner v0.29.5
[build-dependencies]
├── wayland-client v0.29.5
│ ├── glutin v0.29.1 (*)
│ ├── smithay-client-toolkit v0.16.0
│ │ ├── sctk-adwaita v0.4.3
│ │ │ └── winit v0.27.5
│ │ │ ├── eframe v0.19.0 (*)
│ │ │ ├── egui-winit v0.19.0
│ │ │ │ └── eframe v0.19.0 (*)
│ │ │ └── glutin v0.29.1 (*)
│ │ ├── smithay-clipboard v0.6.6
│ │ │ └── egui-winit v0.19.0 (*)
│ │ └── winit v0.27.5 (*)
│ ├── smithay-clipboard v0.6.6 (*)
│ ├── wayland-cursor v0.29.5
│ │ └── smithay-client-toolkit v0.16.0 (*)
│ ├── wayland-egl v0.29.5
│ │ └── glutin v0.29.1 (*)
│ ├── wayland-protocols v0.29.5
│ │ ├── smithay-client-toolkit v0.16.0 (*)
│ │ └── winit v0.27.5 (*)
│ └── winit v0.27.5 (*)
└── wayland-protocols v0.29.5 (*)