CVE-2020-35863

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-35863

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35863.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-35863

Aliases

Related

UBUNTU-CVE-2020-35863

Published

2020-12-31T10:15:15Z

Modified

2024-09-18T01:00:20Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.

References

Affected packages

Debian:12 / rust-hyper

Package

Name: rust-hyper
Purl: pkg:deb/debian/rust-hyper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.35-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-hyper

Package

Name: rust-hyper
Purl: pkg:deb/debian/rust-hyper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.35-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}