46 matches found
tide is unmaintained
The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...
RUSTSEC-2026-0170 tide is unmaintained
The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...
Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy
Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to "unlock the full speed and power of Gemini cloud models for AI experiences,...
EUVD-2024-0313
Malicious code in bioql PyPI...
objstor (>=0.4.6 <=0.4.20), trillium-acme (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2024-23644 via trillium-client (>=0.2.2 <=0.4.9)
trillium-client CARGO version =0.2.2, =0.4.6, =0.1.0, =0.2.0, =0.5.0 Source cves: CVE-2024-23644 Source advisory: OSV:GHSA-9F9P-CP3C-72JF...
GHSA-9F9P-CP3C-72JF Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound trillium_http::HeaderValue and trillium_http::HeaderName can be constructed infallibly a...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound trillium_http::HeaderValue and trillium_http::HeaderName can be constructed infallibly a...
objstor (>=0.4.6 <=0.4.20), rblog (>=0.100.0 <=0.123.0) +16 more potentially affected by CVE-2024-23644 via trillium-http (=0.2.14)
trillium-http CARGO version =0.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trillium-http and may be impacted: - objstor =0.4.6, =0.100.0, =0.2.0, =0.2.0-rc.1, =0.1.0, =0.2.0, =0.0.1, =0.2.0, =0.3.0, =0.2.0, =0.3.1, =0.4.2 and more Source cves:...
CVE-2024-23644
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
Input validation
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
CVE-2024-23644
CVE-2024-23644 affects Trillium, specifically the crates trillium-http (versions prior to 0.3.12) and trillium-client (prior to 0.5.4). The issue is improper validation of outbound header values and names, where header values/names can be constructed infallibly and may contain illegal bytes. If a...
CVE-2024-23644 trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
Trillium Injection Vulnerability
Trillium is a composable toolkit from the Trillium community for building Internet applications using asynchronous Rust. An injection vulnerability exists in Trillium versions prior to 0.3.12 and 0.5.x prior to 0.5.4, which stems from insufficient header validation and may result in a split reque...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound trillium_http::HeaderValue and trillium_http::HeaderName can be constructed infallibly a...
objstor (>=0.4.6 <=0.4.20), trillium-acme (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2024-23644 via trillium-client (>=0.2.2 <=0.4.9)
trillium-client CARGO version =0.2.2, =0.4.6, =0.1.0, =0.2.0, =0.5.0 Source cves: CVE-2024-23644 Source advisory: OSV:RUSTSEC-2024-0008...
PT-2024-19995 · Unknown · Trillium-Http +1
Name of the Vulnerable Software and Affected Versions: trillium-http versions prior to 0.3.12; trillium-client versions prior to 0.5.4. Description: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
SUSE CVE-2015-0444
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443,...
What We’re Looking Forward to at AWS re:Inforce
AWS re:Inforce 2022 starts tomorrow — Tuesday, July 26th — and we couldn't be more excited to gather with the tech, cloud, and security communities in our home city of Boston. Here's a sneak peek of the highlights to come at re:Inforce and what we're looking forward to the most this Tuesday and...