logo

Database

Non-upgradable dependencies In cargo-download

Description

cargo-download is unmaintained The cargo download subcommand (via cargo-download crate) is broken and maintainer has disappeared from GitHub and hasn't had any commits for a year.

Using this downloader will result to corrupted crates.

Maintainer has not responded to maintenance takeover.

Just use wget / curl directly.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. OSV-RUSTSEC-2021-01332. GCVE-RUSTSEC-2021-01333. rustsec.org

References

1. https://github.com/Xion/cargo-download

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.