Hyperium Hyper vulnerabilities

3 known vulnerabilities affecting hyperium/hyper.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2021-32714 | CRITICAL | CVSS 9.1 | fixed in 0.14.10 | 2021-07-07
CVE-2021-32714 [CRITICAL] CWE-190: hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smugglin
nvd
CVE-2021-32715 | MEDIUM | CVSS 5.3 | fixed in 0.14.10 | 2021-07-07
CVE-2021-32715 [MEDIUM] CWE-444: hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in "req
nvd
CVE-2021-21299 | HIGH | CVSS 8.1 | fixed in 0.13.10 | versions >= 0.14.0, < 0.14.3 | 2021-02-11
CVE-2021-21299 [HIGH] CWE-444: hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should
nvd