From 958120be0a6adf9c4bac0d5d021a26fb68ded660 Mon Sep 17 00:00:00 2001 From: Brad Gibson Date: Mon, 7 Jun 2021 14:06:52 -0700 Subject: [PATCH] Update RUSTSEC-2020-0043.md (#934) Version of `parity-ws` containing fix now correctly reads `>=0.10.0', not '>0.10.0' (0.10.0 is the latest as of this writing and contains the fix). --- crates/ws/RUSTSEC-2020-0043.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/ws/RUSTSEC-2020-0043.md b/crates/ws/RUSTSEC-2020-0043.md index 0b7eb64..939218a 100644 --- a/crates/ws/RUSTSEC-2020-0043.md +++ b/crates/ws/RUSTSEC-2020-0043.md @@ -18,4 +18,4 @@ Affected versions of this crate did not properly check and cap the growth of the This allows a remote attacker to take down the process by growing the buffer of their (single) connection until the process runs out of memory it can allocate and is killed. -The flaw was corrected in the [`parity-ws` fork](https://crates.io/crates/parity-ws) (>0.10.0) by [disconnecting a client when the buffer runs full](https://github.com/housleyjk/ws-rs/pull/328). +The flaw was corrected in the [`parity-ws` fork](https://crates.io/crates/parity-ws) (>=0.10.0) by [disconnecting a client when the buffer runs full](https://github.com/housleyjk/ws-rs/pull/328).