175 matches found
CVE-2018-25024
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
CVE-2018-25024
CVE-2018-25024 (actix-web) affects the actix-web crate prior to 0.7.15 (Rust). The issue allows unsoundly coercing an immutable reference into a mutable reference, causing memory corruption. Severity is high (NVD CVSS v3.1: 9.8, CRITICAL; CVSS v2: 7.5, HIGH). The provided documents do not specify...
CVE-2018-25025
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...
CVE-2018-25025
CVE-2018-25025 affects the Rust actix-web crate before version 0.7.15, where it can unsoundly extend the lifetime of a string, leading to memory corruption. The issue is documented with high/critical impact (NVD: CVSS v2 7.5 HIGH; CVSS v3.1 9.8 CRITICAL) and is associated with a network attack su...
CVE-2018-25026
CVE-2018-25026 affects the Rust crate actix-web (before 0.7.15). The vulnerability allows an object that cannot be sent between threads to be marked as Send, enabling memory corruption. This is a Rust web framework issue identified in multiple sources; the core of the problem is the incorrect Sen...
CVE-2018-25026
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...
DoS Vulnerability from Upstream Actix Web Issues
Impact This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to...
GHSA-GJRJ-9RJ4-PGWX DoS Vulnerability from Upstream Actix Web Issues
Impact This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2021-38512 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-38512 Source advisory: OSV:GHSA-8928-2FGM-6X9X...
GHSA-8928-2FGM-6X9X HTTP Request Smuggling in actix-http
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
HTTP Request Smuggling in actix-http
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
CLI-game-of-life (=0.1.0), RustyBox (=0.1.0) +1539 more potentially affected by CVE-2020-35922 via mio (=0.7.14)
mio CARGO version =0.7.14 is affected by a known vulnerability. The following packages have a transitive dependency on mio and may be impacted: - CLI-game-of-life =0.1.0 - RustyBox =0.1.0 - RustyVault =0.1.0, =0.1.0, =2.0.0-beta.1, =0.1.0, =0.9.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 and more...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +325 more potentially affected by CVE-2020-35902 via actix-codec (>=0.1.2 <=0.2.0)
actix-codec CARGO version =0.1.2, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.1 - actix-delay =0.1.0 - actix-diesel-actor =0.1.1 and more Source cves: CVE-2020-35902 Source advisory: OSV:GHSA-RQGX-HPG4-456R...
GHSA-RQGX-HPG4-456R Use-after-free in actix-codec
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...
Use-after-free in actix-codec
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...
GHSA-V3J6-XF77-8R9C Use-after-free in actix-http
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2020-35901 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35901 Source advisory: OSV:GHSA-V3J6-XF77-8R9C...
Use-after-free in actix-http
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +319 more potentially affected by CVE-2020-35898 via actix-utils (>=0.3.5 <=1.0.6)
actix-utils CARGO version =0.3.5, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-35898 Source advisory: OSV:GHSA-HHW2-PQHF-VMX2...
GHSA-HHW2-PQHF-VMX2 Use after free in actix-utils
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...