From d7233ee826ec860ffcb366ccb3636275a1037b36 Mon Sep 17 00:00:00 2001
From: snoopysecurity
Date: Fri, 21 Aug 2020 10:44:58 +0100
Subject: [PATCH] Add tiny-http Request Smuggling
---
crates/tiny_http/RUSTSEC-2020-0000.toml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 crates/tiny_http/RUSTSEC-2020-0000.toml
diff --git a/crates/tiny_http/RUSTSEC-2020-0000.toml b/crates/tiny_http/RUSTSEC-2020-0000.toml
new file mode 100644
index 0000000..0500d15
--- /dev/null
+++ b/crates/tiny_http/RUSTSEC-2020-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-2020-0000"
+package = "tiny_http"
+date = "2020-06-16"
+title = "HTTP Request smuggling through malformed Transfer Encoding headers"
+url = "https://github.com/tiny-http/tiny-http/issues/173"
+categories = ["format-injection"]
+keywords = ["http", "request-smuggling"]
+description = """
+HTTP pipelining issues and request smuggling attacks are possible due to incorrect
+Transfer encoding header parsing.
+
+It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
+
+By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
+from requests other than their own.
+"""
+
+[versions]
+patched = []
\ No newline at end of file
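Review bot: `patched = []` under `[versions]` marks every tiny_http release as affected, yet the `description` gives readers neither the condition for exposure nor an interim mitigation. CL:TE/TE:TE desync generally needs an intermediary that parses the framing headers differently from the back end, which the text's own mention of web-cache poisoning implies. I would add a sentence such as `Deployments that place tiny_http behind a reverse proxy, load balancer or cache are the ones exposed; until a fixed release exists, have the front end reject requests with malformed or conflicting Transfer-Encoding/Content-Length headers.`, adjusted to whatever the linked issue #173 confirms. Two wording fixes in the same string and the title: `It is possible to conduct` (missing "to"), and the header name should be spelled `Transfer-Encoding` consistently. `patched` should be filled in once upstream ships a fixed version.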