4 matches found
CVE-2022-39294
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...
CVE-2022-39294 (DoS) Denial of Service from unchecked request length in conduit-hyper
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...
CVE-2022-39294
CVE-2022-39294 affects conduit-hyper prior to 0.4.2, a Rust crate that integrates conduit with hyper. The root cause is that earlier versions did not enforce any limit on the request length before calling hyper::body::to_bytes, allowing an attacker to send a malicious request with an abnormally l...
sentry-conduit (>=0.1.0 <=0.3.0) potentially affected by CVE-2022-39294 via conduit-hyper (=0.3.0)
conduit-hyper CARGO version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on conduit-hyper and may be impacted: - sentry-conduit =0.1.0, =0.3.0 Source cves: CVE-2022-39294 Source advisory: OSV:RUSTSEC-2022-0066...