30 matches found
CVE-2021-38512
CVE-2021-38512 affects the actix-http crate for Rust, with the vulnerability in HTTP/1 request handling (HRS) present in versions before 3.0.0-beta.9. The issue can lead to credential disclosure when interacting with a vulnerable front-end proxy. Affected component: actix-http (Rust). Root cause:...
CVE-2021-38512
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling aka HRS can occur, potentially leading to credential disclosure...
Actix-http Environment Issue Vulnerability
Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2021-38512 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-38512 Source advisory: OSV:RUSTSEC-2021-0081...
CVE-2020-35901
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
Design/Logic Flaw
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CVE-2020-35901
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CVE-2020-35901
CVE-2020-35901 affects the actix-http crate for Rust, with exploitation possible via a use-after-free in BodyStream caused by lack of pinning. The issue is tied to the crate’s handling of buffers and memory location, and is mitigated by upgrading to a fixed version (2.0.0-alpha.1) or later as ind...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust actix-http crate before 2.0.0-alpha.1, which stems from BodyStream having a use-after-free...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2020-35901 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35901 Source advisory: OSV:RUSTSEC-2020-0048...