An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
References
Link | Resource |
---|---|
https://rustsec.org/advisories/RUSTSEC-2020-0008.html | Patch Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2020-0008.html | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 05:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://rustsec.org/advisories/RUSTSEC-2020-0008.html - Patch, Third Party Advisory |
Information
Published : 2020-12-31 10:15
Updated : 2024-11-21 05:28
NVD link : CVE-2020-35863
Mitre link : CVE-2020-35863
CVE.ORG link : CVE-2020-35863
JSON object : View
Products Affected
hyper
- hyper
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')