Skip to content

rust-xdr v0.4.4 has a vulnerability due to sub-dependency regex v0.2.11 #42

New issue
New issue
Open
Open
rust-xdr v0.4.4 has a vulnerability due to sub-dependency regex v0.2.11#42
@thakurmi

Description

@thakurmi
thakurmi
opened on Jan 27, 2025

Context
rust-xdr v0.4.4 has a dependency env_logger v0.4.3 which in turn has a sub-dependency regex v0.2.11. However, regex v0.2.11 has a high sev vulnerability linked here. We use rust-xdr v0.4.4 in our package and this is creating security issues for our build. We tried updating rust-xdr but it seems like v0.4.4 is the latest version.

Desired Solution
Update rust-xdr to use a newer version of env_logger or regex such that regex has a version higher than 1.5.5.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions