crates.io package
actix-http
pkg:cargo/actix-http
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-38512 | — | < 2.2.1 | 2.2.1 | Aug 10, 2021 | An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure. | ||
| CVE-2020-35901 | — | < 2.0.0 | 2.0.0 | Dec 31, 2020 | An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. |
- CVE-2021-38512Aug 10, 2021affected < 2.2.1fixed 2.2.1
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.
- CVE-2020-35901Dec 31, 2020affected < 2.0.0fixed 2.0.0
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.