Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-RUST-OPENSSL-72297
- published 4 Oct 2018
- disclosed 6 Nov 2016
- credit Alex Crichton
How to fix?
openSSL to version 0.9.0 or higher.
openssl is an OpenSSL bindings for Rust.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) attacks due to insecure defaults, including off-by-default certificate verification and no API to perform hostname verification.