{"id":"CVE-2022-3212","details":"\u003cbytes::Bytes as axum_core::extract::FromRequest\u003e::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String","aliases":["GHSA-m77f-652q-wwp4","RUSTSEC-2022-0055"],"modified":"2026-03-14T11:44:43.375814Z","published":"2022-09-14T16:15:11.883Z","references":[{"type":"FIX","url":"https://rustsec.org/advisories/RUSTSEC-2022-0055.html"},{"type":"EVIDENCE","url":"https://research.jfrog.com/vulnerabilities/axum-core-dos/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3212.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.8"}]},{"events":[{"introduced":"0"},{"last_affected":"0.3.0-rc1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}