{"id":"RUSTSEC-2020-0031","summary":"HTTP Request smuggling through malformed Transfer Encoding headers","details":"HTTP pipelining issues and request smuggling attacks are possible due to incorrect \nTransfer encoding header parsing.\n\nIt is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers. \n\nBy manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information \nfrom requests other than their own.","aliases":["CVE-2020-35884","GHSA-7v2r-wxmg-mgvc"],"modified":"2023-11-08T04:03:37.438533Z","published":"2020-06-16T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/tiny_http"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0031.html"},{"type":"REPORT","url":"https://github.com/tiny-http/tiny-http/issues/173"}],"affected":[{"package":{"name":"tiny_http","ecosystem":"crates.io","purl":"pkg:cargo/tiny_http"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.6.3"},{"introduced":"0.7.0-0"},{"fixed":"0.8.0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"categories":[],"informational":null,"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0031.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}