3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.8%
hyper is an HTTP library for rust. hyper’s HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length
header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn’t parse such Content-Length
headers, but forwards them, can result in “request smuggling” or “desync attacks”. The flaw exists in all prior versions of hyper prior to 0.14.10, if built with rustc
v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the Content-Length
header or ensure any upstream proxy handles Content-Length
headers with a plus sign prefix.
[
{
"product": "hyper",
"vendor": "hyperium",
"versions": [
{
"status": "affected",
"version": "< 0.14.10"
}
]
}
]
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.8%