CRITICAL🇬🇧 English

CVE-2020-35863

CVSS 9.8v3.1pub. 2020-12-31upd. 2024-11-21

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hyper

    APP
    Hyper
    < 0.12.34
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-26964HIGH7.5ten sam produkt

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP...

CVE-2022-31394HIGH7.5ten sam produkt

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 th...

CVE-2021-32714MEDIUM5.9ten sam produkt

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a fla...

CVE-2021-21299MEDIUM4.8ten sam produkt

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0....

CVE-2016-10932MEDIUM4.8ten sam produkt

An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-midd...