CVE-2021-38512
CVE-2021-38512 affects the actix-http crate for Rust. Versions before 3.0.0-beta.9 are vulnerable to HTTP request smuggling (HRS) in HTTP/1 request handling. The issue can lead to credential disclosure when interacting with a vulnerable front-end proxy. Affected component: actix-http (Rust). Root cause:...
CVE-2020-35901
CVE-2020-35901 affects the actix-http crate for Rust. Exploitation is possible via a use-after-free in BodyStream caused by a lack of pinning. The issue is tied to the crate’s handling of buffers and memory location, and is mitigated by upgrading to a fixed version (2.0.0-alpha.1) or later as ind...