175 matches found
CVE-2021-38512
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling aka HRS can occur, potentially leading to credential disclosure...
Actix-http 环境问题漏洞
Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2021-38512 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-38512 Source advisory: OSV:RUSTSEC-2021-0081...
actix-broker (>=0.1.3 <=0.1.7), actix-diesel (>=0.1.0 <=0.3.0) +894 more potentially affected by unknown CVE via cpuid-bool (>=0.1.2 <=0.2.0)
cpuid-bool CARGO version =0.1.2, =0.1.3, =0.1.0, =0.3.0, =0.3.0, =0.5.1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0064...
actinium226-librespot (=0.4.3), actinium226-librespot-connect (=0.4.3) +939 more potentially affected by unknown CVE via aes-soft (=0.6.4)
aes-soft CARGO version =0.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on aes-soft and may be impacted: - actinium226-librespot =0.4.3 - actinium226-librespot-connect =0.4.3 - actinium226-librespot-playback =0.4.3, =0.1.3, =0.1.0, =0.3.0, =0.3.0,...
actinium226-librespot (=0.4.3), actinium226-librespot-connect (=0.4.3) +924 more potentially affected by unknown CVE via aesni (>=0.10.0 <=0.9.0)
aesni CARGO version =0.10.0, =0.4.3, =0.1.3, =0.1.0, =0.3.0, =0.3.0, =0.5.1, =0.0.2, =0.1.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0059...
CVE-2020-35901
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CVE-2020-35898
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
CVE-2020-35899
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
CVE-2020-35899
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
CVE-2020-35898
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
CVE-2020-35902
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...
CVE-2020-35902
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...
Design/Logic Flaw
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...
Code injection
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
Design/Logic Flaw
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CVE-2020-35898
CVE-2020-35898 affects the actix-utils crate for Rust, prior to version 2.0.0. The root cause is a bespoke Cell implementation that does not properly track mutable references, allowing multiple mutable references to the same data. Impact: potential memory corruption or use-after-free scenarios; e...
CVE-2020-35898
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
CVE-2020-35899
CVE-2020-35899 concerns the actix-service crate for Rust prior to 1.0.6, where a bespoke Cell implementation may allow obtaining multiple mutable references to the same data. This root cause can enable use-after-free-like behavior and memory corruption. Several connected sources confirm the issue...
CVE-2020-35899
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...