Skip to content
This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

fix(deps): update rust crate kube to 0.95.0 #4329

fix(deps): update rust crate kube to 0.95.0

fix(deps): update rust crate kube to 0.95.0 #4329

GitHub Actions / Security audit failed Sep 17, 2024 in 0s

Security advisories found

1 advisory(ies)

Details

Vulnerabilities

RUSTSEC-2024-0336

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

Details
Package rustls
Version 0.20.9
URL GHSA-6g7w-8wpp-frhj
Date 2024-04-19
Patched versions >=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0

If a close_notify alert is received during a handshake, complete_io
does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io
and are not affected.

rustls::Stream and rustls::StreamOwned types use
complete_io and are affected.