GHSA-2gg5-7c4v-6xx2 – axum-core
Package
Manager: cargo
Name: axum-core
Vulnerable Version: <0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: N/A
EPSS: N/A pctl N/A
Details
Duplicate of GHSA-m77f-652q-wwp4

## Duplicate advisory

This advisory is a duplicate of [GHSA-m77f-652q-wwp4](https://github.com/advisories/GHSA-m77f-652q-wwp4). This link is maintained to preserve external references.

## Original Description

`<bytes::Bytes as axum_core::extract::FromRequest>::from_request` would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash.

This also applies to these extractors which used `Bytes::from_request` internally:

- `axum::extract::Form`
- `axum::extract::Json`
- `String`
Metadata
Created: 2022-09-15T00:00:19Z
Modified: 2022-09-19T20:19:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-2gg5-7c4v-6xx2/GHSA-2gg5-7c4v-6xx2.json
CWE IDs: ["CWE-770"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0