logo

Database

Server side cross-site scripting In async-h1

Description

Async-h1 request smuggling possible with long unread bodies An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-362022. NVD-2020-362023. OSV-2020-362024. GCVE-2020-36202

References

1. https://github.com/http-rs/async-h1/releases/tag/v2.3.02. https://rustsec.org/advisories/RUSTSEC-2020-0093.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.