CVE-2021-32715: Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
hyper's HTTP/1 server code incorrectly parsed and accepted requests whose Content-Length header value was prefixed with a plus sign (for example `Content-Length: +5`). RFC 7230 defines Content-Length as one or more ASCII digits, so such a value is invalid and the request should have been rejected. hyper handed the value to Rust's standard integer parsing, which accepts a leading `+` (the rust-lang/rust pull request in the references is where that behaviour was added), so hyper read `+5` as a five-byte body.
When hyper sits behind an HTTP proxy that cannot parse such a Content-Length value but forwards the header anyway, treating the request as having no body, the proxy and hyper disagree on where the request ends. That disagreement is a request smuggling (HTTP desync) condition: bytes the proxy treats as the start of the next request are consumed by hyper as the body of the current one, and responses fall out of step with requests.
The referenced commit makes Content-Length parsing digit-only; the fix shipped in hyper 0.14.10, and versions before it are affected. Check with `cargo audit` (advisory RUSTSEC-2021-0078) or `cargo tree -i hyper` and upgrade.
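To make the disagreement concrete, the following is an added Rust example, not hyper's code: a strict `1*DIGIT` Content-Length parser beside the lenient `str::parse::<u64>` behaviour, plus a small HTTP/1 framing routine run over a constructed two-request byte stream under three policies: a proxy that forwards an unparsable header and treats the request as body-less, an unpatched lenient server, and a hardened server that rejects the request. `frame_requests`, `sample_stream`, the `Request` type and the `example` host are this example's own names.

```rust
// Added example (not hyper's code): strict vs lenient Content-Length parsing and
// how the difference splits one pipelined HTTP/1 byte stream differently.

/// Strict parse per RFC 7230 (Content-Length = 1*DIGIT): rejects sign characters,
/// whitespace, empty values and overflow.
pub fn parse_content_length_strict(v: &str) -> Option<u64> {
    if v.is_empty() || !v.bytes().all(|b| b.is_ascii_digit()) {
        return None;
    }
    let mut n: u64 = 0;
    for b in v.bytes() {
        n = n.checked_mul(10)?.checked_add(u64::from(b - b'0'))?;
    }
    Some(n)
}

/// Lenient parse: `str::parse::<u64>`, which accepts a leading '+' ("+5" -> 5).
/// This is the behaviour the advisory describes in unpatched hyper.
pub fn parse_content_length_lenient(v: &str) -> Option<u64> {
    v.parse::<u64>().ok()
}

#[derive(Debug, PartialEq)]
pub struct Request {
    pub target: String,
    pub body: Vec<u8>,
}

/// Frame back-to-back HTTP/1 requests from `buf`. `parse_cl` decides how the
/// Content-Length value is read. With `ignore_bad_cl` the framer models a proxy
/// that forwards a header it cannot parse and treats the request as body-less;
/// without it a bad header is an error, which is what a server should return.
/// Chunked transfer coding is deliberately out of scope here.
pub fn frame_requests(
    buf: &[u8],
    parse_cl: fn(&str) -> Option<u64>,
    ignore_bad_cl: bool,
) -> Result<Vec<Request>, String> {
    let mut out = Vec::new();
    let mut pos = 0usize;
    while pos < buf.len() {
        let rest = &buf[pos..];
        let head_end = find(rest, b"\r\n\r\n").ok_or("incomplete request head")?;
        let head = std::str::from_utf8(&rest[..head_end]).map_err(|_| "non-UTF-8 head")?;
        let mut lines = head.split("\r\n");
        let target = lines.next().unwrap_or("").split(' ').nth(1).unwrap_or("").to_string();
        let mut body_len = 0usize;
        for line in lines {
            if let Some((name, value)) = line.split_once(':') {
                if name.eq_ignore_ascii_case("content-length") {
                    // Trimming optional whitespace around the value is allowed; the
                    // value itself is then checked by the chosen parser.
                    match parse_cl(value.trim()) {
                        Some(n) => {
                            body_len = usize::try_from(n).map_err(|_| "Content-Length too large")?
                        }
                        None if ignore_bad_cl => body_len = 0,
                        None => return Err(format!("invalid Content-Length: {:?}", value)),
                    }
                }
            }
        }
        let body_start = pos + head_end + 4;
        let body_end = body_start
            .checked_add(body_len)
            .filter(|&e| e <= buf.len())
            .ok_or("body truncated")?;
        out.push(Request { target, body: buf[body_start..body_end].to_vec() });
        pos = body_end;
    }
    Ok(out)
}

fn find(hay: &[u8], needle: &[u8]) -> Option<usize> {
    hay.windows(needle.len()).position(|w| w == needle)
}

/// Constructed sample stream: a POST whose Content-Length is "+N", where N is
/// exactly the length of the GET that follows it on the same connection.
pub fn sample_stream() -> Vec<u8> {
    let smuggled = b"GET /admin HTTP/1.1\r\nHost: example\r\n\r\n";
    let mut buf = format!(
        "POST /upload HTTP/1.1\r\nHost: example\r\nContent-Length: +{}\r\n\r\n",
        smuggled.len()
    )
    .into_bytes();
    buf.extend_from_slice(smuggled);
    buf
}

fn main() {
    let buf = sample_stream();
    // Proxy: cannot parse "+38", forwards it, sees two requests (POST then GET).
    let proxy = frame_requests(&buf, parse_content_length_strict, true).unwrap();
    // Unpatched lenient server: sees one POST whose body is the entire GET.
    let lenient = frame_requests(&buf, parse_content_length_lenient, false).unwrap();
    // Hardened server: rejects the request instead of guessing.
    let strict = frame_requests(&buf, parse_content_length_strict, false);
    println!("proxy saw {} request(s), lenient server saw {}", proxy.len(), lenient.len());
    println!("strict server: {:?}", strict.err());
}
```

The proxy forwards two requests and expects two responses; the lenient server answers one, so every later response on that connection is shifted by one, which is the desync the advisory describes. The strict policy returns an error for the same bytes, and a server should turn that into a 400 and close the connection rather than pick either interpretation.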
References
- github.com/advisories/GHSA-f3pg-qwvg-p99c
- github.com/hyperium/hyper
- github.com/hyperium/hyper/commit/1fb719e0b61a4f3d911562a436a2ff05fd7cb759
- github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
- github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739
- nvd.nist.gov/vuln/detail/CVE-2021-32715
- rustsec.org/advisories/RUSTSEC-2021-0078.html