Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HHyper
APPHyper< 0.14.19
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2020-35863CRITICAL9.8ten sam produkt
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote c...
CVE-2023-26964HIGH7.5ten sam produkt
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP...
CVE-2021-32714MEDIUM5.9ten sam produkt
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a fla...
CVE-2021-21299MEDIUM4.8ten sam produkt
hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0....
CVE-2016-10932MEDIUM4.8ten sam produkt
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-midd...