OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-22 19:35:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3338fcfb59cea5fcd7d2a4e7fe24cbc7cb778003
advisory-db/crates/tiny_http/RUSTSEC-2020-0031.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

24 lines
811 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2020-0031"
package = "tiny_http"
aliases = ["CVE-2020-35884", "GHSA-7v2r-wxmg-mgvc"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
date = "2020-06-16"
keywords = ["http", "request-smuggling"]
url = "https://github.com/tiny-http/tiny-http/issues/173"
[versions]
patched = [">= 0.8.0", "^0.6.3"]
```
# HTTP Request smuggling through malformed Transfer Encoding headers
HTTP pipelining issues and request smuggling attacks are possible due to incorrect
Transfer encoding header parsing.
It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
from requests other than their own.
Reference in New Issue View Git Blame Copy Permalink