CVE-2021-26959 (Medium) detected in hyper-0.12.25.crate #66

mend-for-github.aaakk.us.kg · 2021-02-13T01:20:58Z

CVE-2021-26959 - Medium Severity Vulnerability

Vulnerable Library - hyper-0.12.25.crate

A fast and correct HTTP library.

Library home page: https://crates.io/api/v1/crates/hyper/0.12.25/download

Dependency Hierarchy:

hyper-rustls-0.16.1.crate (Root Library)
- ❌ hyper-0.12.25.crate (Vulnerable Library)

Vulnerability Details

An issue was discovered in the hyper crate before 0.13.10 and 0.14.x before 0.14.3 for Rust. Request smuggling can occur when more than one Transfer-Encoding header is sent.

Publish Date: 2021-02-09

URL: CVE-2021-26959

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://rustsec.org/advisories/RUSTSEC-2021-0020.html

Release Date: 2021-02-09

Fix Resolution: hyper - 0.13.10,0.14.3

mend-for-github.aaakk.us.kg bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 13, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2021-26959 (Medium) detected in hyper-0.12.25.crate #66

CVE-2021-26959 (Medium) detected in hyper-0.12.25.crate #66

mend-for-github.aaakk.us.kg bot commented Feb 13, 2021

CVE-2021-26959 (Medium) detected in hyper-0.12.25.crate #66

CVE-2021-26959 (Medium) detected in hyper-0.12.25.crate #66

Comments

mend-for-github.aaakk.us.kg bot commented Feb 13, 2021

CVE-2021-26959 - Medium Severity Vulnerability