5 matches found
CVE-2024-23644
creationtimestamp| type| source ---|---|--- 2024-01-24 21:26:37+00:00| seen| https://t.me/ctinow/173096 2024-01-26 14:51:39+00:00| seen| https://t.me/arpsyndicate/2974 2024-02-18 10:48:46+00:00| seen| https://t.me/ctinow/187207...
objstor (>=0.4.6 <=0.4.20), rblog (>=0.100.0 <=0.123.0) +16 more potentially affected by CVE-2024-23644 via trillium-http (=0.2.14)
trillium-http CARGO version =0.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trillium-http and may be impacted: - objstor =0.4.6, =0.100.0, =0.2.0, =0.2.0-rc.1, =0.1.0, =0.2.0, =0.0.1, =0.2.0, =0.3.0, =0.2.0, =0.3.1, =0.4.2 and more Source cves:...
CVE-2024-23644
CVE-2024-23644 affects Trillium, specifically the crates trillium-http (versions prior to 0.3.12) and trillium-client (prior to 0.5.4). The issue is improper validation of outbound header values and names, where header values/names can be constructed infallibly and may contain illegal bytes. If a...
CVE-2024-23644 trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
objstor (>=0.4.6 <=0.4.20), rblog (>=0.100.0 <=0.123.0) +16 more potentially affected by CVE-2024-23644 via trillium-http (=0.2.14)
trillium-http CARGO version =0.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trillium-http and may be impacted: - objstor =0.4.6, =0.100.0, =0.2.0, =0.2.0-rc.1, =0.1.0, =0.2.0, =0.0.1, =0.2.0, =0.3.0, =0.2.0, =0.3.1, =0.4.2 and more Source cves:...