crates.io package
hyper
pkg:cargo/hyper
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32715 | — | < 0.14.10 | 0.14.10 | Jul 7, 2021 | hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't par | ||
| CVE-2021-32714 | — | < 0.14.10 | 0.14.10 | Jul 7, 2021 | hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allow | ||
| CVE-2021-21299 | — | >= 0.14.0, < 0.14.3 | 0.14.3 | Feb 11, 2021 | hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with mult | ||
| CVE-2020-35863 | — | >= 0.11.0, < 0.12.34 | 0.12.34 | Dec 31, 2020 | An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface. | ||
| CVE-2017-18587 | — | >= 0.10.0, < 0.10.2 | 0.10.2 | Aug 26, 2019 | An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. | ||
| CVE-2016-10932 | — | < 0.9.4 | 0.9.4 | Aug 26, 2019 | An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. |
- CVE-2021-32715Jul 7, 2021affected < 0.14.10fixed 0.14.10
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't par
- CVE-2021-32714Jul 7, 2021affected < 0.14.10fixed 0.14.10
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allow
- CVE-2021-21299Feb 11, 2021affected >= 0.14.0, < 0.14.3fixed 0.14.3
hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with mult
- CVE-2020-35863Dec 31, 2020affected >= 0.11.0, < 0.12.34fixed 0.12.34
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
- CVE-2017-18587Aug 26, 2019affected >= 0.10.0, < 0.10.2fixed 0.10.2
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
- CVE-2016-10932Aug 26, 2019affected < 0.9.4fixed 0.9.4
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.