mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-25 04:40:44 +01:00
29 lines
1.1 KiB
TOML
29 lines
1.1 KiB
TOML
[advisory]
|
|
id = "RUSTSEC-2020-0008"
|
|
package = "hyper"
|
|
date = "2020-03-19"
|
|
title = "Flaw in hyper allows request smuggling by sending a body in GET requests"
|
|
url = "https://github.com/hyperium/hyper/issues/1925"
|
|
categories = ["format-injection"]
|
|
keywords = ["http", "request-smuggling"]
|
|
|
|
description = """
|
|
Vulnerable versions of hyper allow GET requests to have bodies, even if there is
|
|
no Transfer-Encoding or Content-Length header. As per the HTTP 1.1
|
|
specification, such requests do not have bodies, so the body will be interpreted
|
|
as a separate HTTP request.
|
|
|
|
This allows an attacker who can control the body and method of an HTTP request
|
|
made by hyper to inject a request with headers that would not otherwise be
|
|
allowed, as demonstrated by sending a malformed HTTP request from a Substrate
|
|
runtime. This allows bypassing CORS restrictions. In combination with other
|
|
vulnerabilities, such as an exploitable web server listening on loopback, it may
|
|
allow remote code execution.
|
|
|
|
The flaw was corrected in hyper version 0.12.34.
|
|
"""
|
|
|
|
[versions]
|
|
patched = [">= 0.12.34"]
|
|
unaffected = ["< 0.11.0"]
|