Lucene search
+L

5 matches found

Circl
Circl
added 2024/01/24 9:26 p.m.8 views

CVE-2024-23644

creationtimestamp| type| source ---|---|--- 2024-01-24 21:26:37+00:00| seen| https://t.me/ctinow/173096 2024-01-26 14:51:39+00:00| seen| https://t.me/arpsyndicate/2974 2024-02-18 10:48:46+00:00| seen| https://t.me/ctinow/187207...

8.1CVSS7.8AI score0.00632EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/01/24 8:20 p.m.5 views

objstor (>=0.4.6 <=0.4.20), rblog (>=0.100.0 <=0.123.0) +16 more potentially affected by CVE-2024-23644 via trillium-http (=0.2.14)

trillium-http CARGO version =0.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trillium-http and may be impacted: - objstor =0.4.6, =0.100.0, =0.2.0, =0.2.0-rc.1, =0.1.0, =0.2.0, =0.0.1, =0.2.0, =0.3.0, =0.2.0, =0.3.1, =0.4.2 and more Source cves:...

8.1CVSS7.2AI score0.00632EPSS
Exploits0
CVE
CVE
added 2024/01/24 7:38 p.m.65 views

CVE-2024-23644

CVE-2024-23644 affects Trillium, specifically the crates trillium-http (versions prior to 0.3.12) and trillium-client (prior to 0.5.4). The issue is improper validation of outbound header values and names, where header values/names can be constructed infallibly and may contain illegal bytes. If a...

8.1CVSS8.1AI score0.00632EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/01/24 7:38 p.m.30 views

CVE-2024-23644 trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting

Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...

6.8CVSS7.9AI score0.00632EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/01/23 12:0 p.m.4 views

objstor (>=0.4.6 <=0.4.20), rblog (>=0.100.0 <=0.123.0) +16 more potentially affected by CVE-2024-23644 via trillium-http (=0.2.14)

trillium-http CARGO version =0.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trillium-http and may be impacted: - objstor =0.4.6, =0.100.0, =0.2.0, =0.2.0-rc.1, =0.1.0, =0.2.0, =0.0.1, =0.2.0, =0.3.0, =0.2.0, =0.3.1, =0.4.2 and more Source cves:...

8.1CVSS7.2AI score0.00632EPSS
Exploits0
Rows per page
Query Builder