
AIKIDO-2025-10324

surf is vulnerable to Use of Unmaintained Third Party Components

Use of Unmaintained Third Party Components Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published May 23, 2025

60

Medium Risk

This Affects:

rust: surf
Versions: 0.0.0 - *

TL;DR

The surf crate is no longer maintained, as indicated by the developer. Its last release dates back to 2021—over three years ago—making it outdated. It relies on the deprecated async-std runtime and an obsolete version of rustls for TLS support, both of which introduce risks related to security, performance, and compatibility with modern Rust tooling. Use of this crate is discouraged in favor of actively maintained alternatives.

Who does this affect?

You are affected if you are using this package.
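One way to check whether a project uses surf, directly or through another crate, is to read its Cargo.lock; the sketch below also reports the locked async-std and rustls versions mentioned in the TL;DR. It is an added example, not part of the original advisory or of Aikido's tooling: the lockfile content is constructed and `audit_lock` is a hypothetical helper name.

```python
# Added example: locate surf in a Cargo.lock and list what pulls it in.
try:
    import tomllib                   # standard library from Python 3.11
except ImportError:
    import tomli as tomllib          # assumption: tomli backport on older Pythons

# Constructed lockfile for illustration; not taken from a real project.
SAMPLE_LOCK = """
version = 3
[[package]]
name = "my-app"
version = "0.1.0"
dependencies = ["api-client"]
[[package]]
name = "api-client"
version = "1.2.0"
dependencies = ["surf"]
[[package]]
name = "surf"
version = "2.3.2"
dependencies = ["async-std", "rustls 0.18.1"]
[[package]]
name = "async-std"
version = "1.12.0"
[[package]]
name = "rustls"
version = "0.18.1"
"""

def audit_lock(lock_text, target="surf", related=("async-std", "rustls")):
    """Return target versions, dependency chains reaching it, and related crate versions."""
    packages = tomllib.loads(lock_text).get("package", [])
    versions = lambda n: sorted(p["version"] for p in packages if p["name"] == n)
    parents = {}                     # crate name -> crates that depend on it
    for pkg in packages:
        for dep in pkg.get("dependencies", []):
            # entries are "name", "name version" or "name version (source)"
            parents.setdefault(dep.split()[0], set()).add(pkg["name"])
    chains, stack = [], [[target]] if versions(target) else []
    while stack:                     # walk upwards until a crate has no dependents
        chain = stack.pop()
        ups = sorted(parents.get(chain[0], set()) - set(chain))  # skip cycles
        if not ups:
            chains.append(" -> ".join(chain))
        stack.extend([up] + chain for up in ups)
    return {"versions": versions(target), "chains": sorted(chains),
            "related": {n: versions(n) for n in related if versions(n)}}

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

On a real project, pass the text of the project's own Cargo.lock instead of the sample; an empty `versions` list means surf is not in the resolved dependency graph.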

Background info

surf is vulnerable to Use of Unmaintained Third Party Components in all versions.

How to fix this

Remove any GTK3 package from your application. Please take a look at reqwest or ureq instead.