crates.io package
tokio
pkg:cargo/tokio
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-22466 | — | >= 1.7.0, < 1.18.4 | 1.18.4 | Jan 4, 2023 | Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously | ||
| CVE-2021-45710 | — | >= 0.1.14, < 1.8.4 | 1.8.4 | Dec 26, 2021 | An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption. | ||
| CVE-2021-38191 | — | >= 1.8.0, < 1.8.1 | 1.8.1 | Aug 8, 2021 | An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread. |
- CVE-2023-22466Jan 4, 2023affected >= 1.7.0, < 1.18.4fixed 1.18.4
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously
- CVE-2021-45710Dec 26, 2021affected >= 0.1.14, < 1.8.4fixed 1.8.4
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
- CVE-2021-38191Aug 8, 2021affected >= 1.8.0, < 1.8.1fixed 1.8.1
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.