Your submission was sent successfully! Close

CVE-2020-35863

Published: 31 December 2020

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
rust-hyper
Launchpad, Ubuntu, Debian
Upstream
Released (0.12.35-1)
Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.12.35-1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist