Design/Logic Flaw

2020-12-3110:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.

CPENameOperatorVersion
fedoraeq34
fedoraeq35
tiny-httple0.7.0

Name	Operator	Version
fedora	eq	34
fedora	eq	35
tiny-http	le	0.7.0

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3JDNRE5RXJOWZZZF5QSCG4GUCSLTHF2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO6SRTCEPEYO2OX647I3H5XUWLFDRDWL/

rustsec.org/advisories/RUSTSEC-2020-0031.html