CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25009
https://notcve.org/view.php?id=CVE-2019-25009
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness. Se detectó un problema en la crate http versiones anteriores a 0.1.20 para Rust. La API de la función HeaderMap::Drain puede usar un puntero sin procesar, derrotando la solidez. • https://rustsec.org/advisories/RUSTSEC-2019-0034.html • CWE-415: Double Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35669
https://notcve.org/view.php?id=CVE-2020-35669
An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request. Se detectó un problema en el paquete http versiones hasta 0.12.2 para Dart. Si el atacante controla el método HTTP y la aplicación está usando una Request directamente, es posible lograr una inyección de CRLF en una petición HTTP • https://github.com/n0npax/CVE-2020-35669 https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133 https://github.com/dart-lang/http/issues/511 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25574
https://notcve.org/view.php?id=CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). Se detectó un problema en la crate http versiones anteriores a 0.1.20 para Rust. Un desbordamiento de enteros en la función HeaderMap::reserve() podría resultar en denegación de servicio (por ejemplo, un bucle infinito) • https://github.com/hyperium/http/issues/352 https://rustsec.org/advisories/RUSTSEC-2019-0033.html • CWE-190: Integer Overflow or Wraparound CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •