Merge pull request #255 from DemiMarie-parity/smuggling
Add advisory for the hyper request smuggling vulnerability
Showing
1 changed file
with
27 additions
and
0 deletions.
@@ -0,0 +1,27 @@ | ||
[advisory] | ||
id = "RUSTSEC-0000-0000" | ||
package = "hyper" | ||
date = "2020-03-19" | ||
title = "Flaw in hyper allows request smuggling by sending a body in GET requests" | ||
url = "https://github.com/hyperium/hyper/issues/1925" | ||
categories = ["format-injection"] | ||
keywords = ["http", "request-smuggling"] | ||
|
||
description = """ | ||
Vulnerable versions of hyper allow GET requests to have bodies, even if there is | ||
no Transfer-Encoding or Content-Length header. As per the HTTP 1.1 | ||
specification, such requests do not have bodies, so the body will be interpreted | ||
as a separate HTTP request. | ||
This allows an attacker who can control the body and method of an HTTP request | ||
made by hyper to inject a request with headers that would not otherwise be | ||
allowed, as demonstrated by sending a malformed HTTP request from a Substrate | ||
runtime. This allows bypassing CORS restrictions. In combination with other | ||
vulnerabilities, such as an exploitable web server listening on loopback, it may | ||
allow remote code execution. | ||
The flaw was corrected in hyper version 0.12.35. | ||
""" | ||
|
||
[versions] | ||
patched = [">= 0.12.35"] |
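Review bot: The impact sentence `This allows bypassing CORS restrictions.` in the description names the wrong mechanism: CORS is a browser-side policy and is not what a smuggled request defeats; what the attacker gains, as the Substrate example in the same paragraph shows, is a second request carrying headers and a target the embedding application would never have let it send. I would rephrase it as `This allows bypassing restrictions the embedding application places on outgoing requests (for example disallowed headers or destinations).` The description also scopes the flaw to GET while the HTTP/1.1 rule it relies on (RFC 7230 §3.3: a request has a body only when Content-Length or Transfer-Encoding is present) applies to every method, so it is worth stating whether the 0.12.35 fix also covers other normally bodiless methods such as HEAD; I cannot tell that from the hunk. Note too that `id = "RUSTSEC-0000-0000"` is still the placeholder in this merge commit, so the real ID is presumably assigned in a follow-up step — fine if that is the repository's workflow, but cargo-audit consumers should not see this file with the placeholder.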