Описание
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header
The web-push crate before 0.10.4 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header. The patch was initially made available in version 0.10.3, but version 0.10.3 has since been yanked.
Пакеты
Наименование
web-push
rust
Затронутые версииВерсия исправления
<= 0.10.2
0.10.4
Связанные уязвимости
CVSS3: 4
nvd
около 2 месяцев назад
The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.