CVE-2021-38512

Опубликовано: 16 июн. 2021

Источник: redhat

CVSS3: 7.5

Описание

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Advanced Cluster Management for Kubernetes 2	cincinnati-container	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20->CWE-444

https://bugzilla.redhat.com/show_bug.cgi?id=1993528rust-actix-http: potential request smuggling capabilities due to lack of input validation

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-38512

CVSS3: 7.5

nvd

больше 4 лет назад

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.

GHSA-8928-2fgm-6x9x

CVSS3: 7.5

github

больше 4 лет назад

HTTP Request Smuggling in actix-http

7.5 High

CVSS3