mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-04 10:40:34 +01:00
As proposed in #240 and tracked in #414, this PR translates all advisories into the new "V3" advisory format, which is based on Markdown with leading TOML front matter. This format makes it easier to see rendered Markdown syntax descriptions, whether rendered by an IDE or GitHub. This should help with both crafting advisories initially as well as review, and ideally encourages more lengthy descriptions. Support for this format shipped in `cargo-audit` v0.12.0 on May 6th, 2020.
30 lines
1.1 KiB
Markdown
```toml
[advisory]
id = "RUSTSEC-2020-0008"
package = "hyper"
categories = ["format-injection"]
date = "2020-03-19"
keywords = ["http", "request-smuggling"]
url = "https://github.com/hyperium/hyper/issues/1925"

[versions]
patched = [">= 0.12.34"]
unaffected = ["< 0.11.0"]
```

# Flaw in hyper allows request smuggling by sending a body in GET requests

Vulnerable versions of hyper allow GET requests to have bodies, even if there is
no Transfer-Encoding or Content-Length header. As per the HTTP 1.1
specification, such requests do not have bodies, so the body will be interpreted
as a separate HTTP request.

This allows an attacker who can control the body and method of an HTTP request
made by hyper to inject a request with headers that would not otherwise be
allowed, as demonstrated by sending a malformed HTTP request from a Substrate
runtime. This allows bypassing CORS restrictions. In combination with other
vulnerabilities, such as an exploitable web server listening on loopback, it may
allow remote code execution.

The flaw was corrected in hyper version 0.12.34.
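The framing rule the advisory relies on (no Content-Length or Transfer-Encoding header means no body), as an added Rust example that is not part of the advisory or of hyper. It splits a byte stream the way a receiver applying that rule would, so a regression test can check that the bytes a client wrote are seen as exactly one request. The function names, host and sample bytes are constructed for illustration, and only Content-Length framing is handled.

```rust
// Added example (not hyper code): frame requests as an HTTP/1.1 receiver does.
fn find(hay: &[u8], needle: &[u8]) -> Option<usize> {
    hay.windows(needle.len()).position(|w| w == needle)
}

/// Returns the request line of every request a receiver would see in `stream`,
/// or None if the stream is truncated, malformed, or uses Transfer-Encoding
/// (chunked framing is outside what this example handles).
fn framed_request_lines(mut stream: &[u8]) -> Option<Vec<String>> {
    let mut lines = Vec::new();
    while !stream.is_empty() {
        let head_end = find(stream, b"\r\n\r\n")?;
        let head = std::str::from_utf8(&stream[..head_end]).ok()?;
        let mut rows = head.split("\r\n");
        lines.push(rows.next()?.to_string());
        // Without a framing header the request has no body at all.
        let mut body_len = 0usize;
        for row in rows {
            let (name, value) = row.split_once(':')?;
            if name.eq_ignore_ascii_case("transfer-encoding") {
                return None;
            }
            if name.eq_ignore_ascii_case("content-length") {
                body_len = value.trim().parse().ok()?;
            }
        }
        let rest = &stream[head_end + 4..];
        if rest.len() < body_len {
            return None; // declared body is longer than the bytes present
        }
        // Whatever follows the declared body is parsed as the next request.
        stream = &rest[body_len..];
    }
    Some(lines)
}

// Constructed sample: a GET followed by bytes with no framing header.
const UNFRAMED: &[u8] =
    b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\nGET /b HTTP/1.1\r\nHost: example.test\r\n\r\n";
// Constructed sample: the same trailing bytes declared as a 39-byte body.
const FRAMED: &[u8] = b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 39\r\n\r\nGET /b HTTP/1.1\r\nHost: example.test\r\n\r\n";

fn main() {
    println!("unframed: {:?}", framed_request_lines(UNFRAMED));
    println!("framed:   {:?}", framed_request_lines(FRAMED));
}
```

A client test can serialize one request, pass the bytes to `framed_request_lines`, and fail if the result holds more than one entry.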