CVE-2020-35884
https://notcve.org/view.php?id=CVE-2020-35884
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3JDNRE5RXJOWZZZF5QSCG4GUCSLTHF2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO6SRTCEPEYO2OX647I3H5XUWLFDRDWL
• https://rustsec.org/advisories/RUSTSEC-2020-0031.html
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2017-16097
https://notcve.org/view.php?id=CVE-2017-16097
tiny-http is a simple HTTP server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
• https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny-
• https://nodesecurity.io/advisories/342
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1000096
https://notcve.org/view.php?id=CVE-2018-1000096
brianleroux tiny-json-http, in all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a missing SSL certificate validation vulnerability. The library's core functionality is affected, which exposes the user to man-in-the-middle attacks.
• https://github.com/ossf-cve-benchmark/CVE-2018-1000096
• https://github.com/brianleroux/tiny-json-http/pull/15
• CWE-295: Improper Certificate Validation