CVE-2023-22466 - tokio vulnerability

Question

CVE-2023-22466 - tokio vulnerability

hampuslidin opened this issue 2 years ago · 1 comments

hampuslidin commented 2 years ago

A security advisory has been raised for some tokio versions:

https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2023-22466

Bumping tokio to one of the following versions would circumvent the security issue:

1.23.1
1.20.3
1.18.4

Answer 1 · 2023-01-14T20:14:39.000Z

Sorry, should have looked at the Cargo.toml first! Since only the major version is specified, dependant crates should be able to control the minor and patch versions.