Lucene search

CVE-2021-21299

🗓️ 11 Feb 2021 18:16:15Reported by GitHub_MType

hyper: vulnerability in versions 0.12.0 to 0.13.10 and 0.14.3 allows request smuggling attack. Fixed in 0.13.10 and 0.14.3

Reporter	Title	Published	Views	Family All 15
RustSec	Multiple Transfer-Encoding headers misinterprets request payload	5 Feb 202112:00	–	rustsec
OSV	OPENSUSE-SU-2024:12239-1 wayshot-1.1.9-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	CVE-2021-21299	11 Feb 202118:15	–	osv
OSV	HTTP Request Smuggling in hyper	25 Aug 202120:56	–	osv
OSV	Multiple Transfer-Encoding headers misinterprets request payload	5 Feb 202112:00	–	osv
OSV	OPENSUSE-SU-2024:12274-1 spotifyd-0.3.3-9.1 on GA media	15 Jun 202400:00	–	osv
OSV	OPENSUSE-SU-2024:12238-1 tuigreet-0.7.1-6.1 on GA media	15 Jun 202400:00	–	osv
Prion	Design/Logic Flaw	11 Feb 202118:15	–	prion
NVD	CVE-2021-21299	11 Feb 202118:15	–	nvd
NVD	CVE-2021-26959	9 Feb 202123:15	–	nvd

Nvd

Vulners

Node

hyper hyperRange0.12.0–0.13.10rust

hyper hyperRange0.14.0–0.14.3rust

[
  {
    "product": "hyper",
    "vendor": "hyperium",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.13.10"
      },
      {
        "status": "affected",
        "version": ">= 0.14.0, < 0.14.3"
      }
    ]
  }
]

Source	Link
portswigger	www.portswigger.net/research/http-desync-attacks-request-smuggling-reborn
github	www.github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
github	www.github.com/hyperium/hyper/commit/8f93123efef5c1361086688fe4f34c83c89cec02
rustsec	www.rustsec.org/advisories/RUSTSEC-2021-0020.html
crates	www.crates.io/crates/hyper

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Feb 2021 18:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS26.8

CVSS34.8 - 8.1

EPSS0.00321

CWE-444