Open mend-bolt-for-github[bot] opened 1 year ago
hyper-0.13.6.crate
A fast and correct HTTP library.
Library home page: https://crates.io/api/v1/crates/hyper/0.13.6/download
Path to dependency file: /third_party/rust_crates/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/Cargo.toml
Dependency Hierarchy: - :x: **hyper-0.13.6.crate** (Vulnerable Library)
Library home page: https://crates.io/api/v1/crates/hyper/0.13.2/download
Path to dependency file: /third_party/rust_crates/vendor/hyper-rustls/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/hyper-rustls/Cargo.toml
Dependency Hierarchy: - :x: **hyper-0.13.2.crate** (Vulnerable Library)
Found in HEAD commit: 4ec0c406a28f193fe6e7376ee7696cca0532d4ba
Found in base branch: master
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
Publish Date: 2023-02-21
URL: CVE-2022-31394
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Release Date: 2023-02-21
Fix Resolution: hyper - v0.14.19
Step up your Open Source Security Game with Mend here
CVE-2022-31394 - High Severity Vulnerability
hyper-0.13.6.crate
A fast and correct HTTP library.
Library home page: https://crates.io/api/v1/crates/hyper/0.13.6/download
Path to dependency file: /third_party/rust_crates/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/Cargo.toml
Dependency Hierarchy: - :x: **hyper-0.13.6.crate** (Vulnerable Library)
hyper-0.13.2.crate
A fast and correct HTTP library.
Library home page: https://crates.io/api/v1/crates/hyper/0.13.2/download
Path to dependency file: /third_party/rust_crates/vendor/hyper-rustls/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/hyper-rustls/Cargo.toml
Dependency Hierarchy: - :x: **hyper-0.13.2.crate** (Vulnerable Library)
Found in HEAD commit: 4ec0c406a28f193fe6e7376ee7696cca0532d4ba
Found in base branch: master
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
Publish Date: 2023-02-21
URL: CVE-2022-31394
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2023-02-21
Fix Resolution: hyper - v0.14.19
Step up your Open Source Security Game with Mend here