CVE-2020-35863

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-35863

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35863.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-35863

Aliases

Downstream

DEBIAN-CVE-2020-35863

UBUNTU-CVE-2020-35863

Published

2020-12-31T10:15:15.097Z

Modified

2026-04-10T04:25:57.305319Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.

References

https://rustsec.org/advisories/RUSTSEC-2020-0008.html

Affected packages

Git / github.com/hyperium/hyper

Affected ranges

Type

GIT

Repo

https://github.com/hyperium/hyper

Events

Introduced

Fixed

c83b54dc8877798e173287e35a414d53424e4185

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.34"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.10

v0.1.11

v0.1.12

v0.1.13

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.11.0

v0.11.1

v0.11.10

v0.11.11

v0.11.12

v0.11.13

v0.11.14

v0.11.15

v0.11.16

v0.11.17

v0.11.18

v0.11.19

v0.11.2

v0.11.20

v0.11.21

v0.11.22

v0.11.3

v0.11.4

v0.11.5

v0.11.6

v0.11.7

v0.11.8

v0.11.9

v0.12.0

v0.12.1

v0.12.10

v0.12.11

v0.12.12

v0.12.13

v0.12.14

v0.12.15

v0.12.16

v0.12.17

v0.12.18

v0.12.19

v0.12.2

v0.12.20

v0.12.21

v0.12.22

v0.12.23

v0.12.24

v0.12.25

v0.12.26

v0.12.27

v0.12.28

v0.12.29

v0.12.3

v0.12.30

v0.12.31

v0.12.32

v0.12.33

v0.12.4

v0.12.5

v0.12.6

v0.12.7

v0.12.8

v0.12.9

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.12

v0.3.13

v0.3.14

v0.3.15

v0.3.16

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.14

v0.6.16

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.8

v0.6.9

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.8.1

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35863.json"