Описание
Duplicate of GHSA-m77f-652q-wwp4
Duplicate advisory
This advisory is a duplicate of GHSA-m77f-652q-wwp4. This link is maintained to preserve external references.
Original Description
<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String
Пакеты
Наименование
axum-core
rust
Затронутые версииВерсия исправления
< 0.2.8
0.2.8
Наименование
axum-core
rust
Затронутые версииВерсия исправления
= 0.3.0-rc.1
0.3.0-rc.2
7.5 High
CVSS3
Дефекты
CWE-770
7.5 High
CVSS3
Дефекты
CWE-770