RUSTSEC-2022-0048: xml-rs is Unmaintained
github-actions opened this issue · 1 comments
github-actions commented
xml-rs is Unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | xml-rs |
| Version | 0.8.4 |
| URL | https://github.com/netvl/xml-rs/issues |
| Date | 2022-01-26 |
xml-rs is a XML parser has open issues around parsing including integer
overflows / panics that may or may not be an issue with untrusted data.
Together with these open issues with Unmaintained status xml-rs
may or may not be suited to parse untrusted data.
Alternatives
See advisory page for additional details.
amrbashir commented
this is a transitive dependency of winit which is a dev dependency.