CVE-2021-38512

Summary:

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.

Reference Links(if available):

https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-http/RUSTSEC-2021-0081.md

https://rustsec.org/advisories/RUSTSEC-2021-0081.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/67URRW4K47SR6LNQB4YALPLGGQMQK7HO/

CVSS Score (if available)

v2: / MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Links to Exploits(if available)

Tags: CVE, CVE-2021-38512, exploit, MISC, vulnerability

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: CISA and Partners Release Advisory on Akira Ransomware

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: CISA and Partners Release Advisory on Akira Ransomware