RUSTSEC-2021-0073: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
github-actions opened this issue · comments
Conversion from
prost_types::TimestamptoSystemTimecan cause an overflow and panic
| Details | |
|---|---|
| Package | prost-types |
| Version | 0.7.0 |
| URL | tokio-rs/prost#438 |
| Date | 2021-07-08 |
| Patched versions | >=0.8.0 |
Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.
It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.
See #438 for more information.
See advisory page for additional details.