Vulnerability Details CVE-2020-36202
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-36202
-
cpe:2.3:a:rust-lang:async-h1:-
-
cpe:2.3:a:rust-lang:async-h1:0.0.0
-
cpe:2.3:a:rust-lang:async-h1:1.0.0
-
cpe:2.3:a:rust-lang:async-h1:1.0.1
-
cpe:2.3:a:rust-lang:async-h1:1.0.2
-
cpe:2.3:a:rust-lang:async-h1:1.1.0
-
cpe:2.3:a:rust-lang:async-h1:1.1.1
-
cpe:2.3:a:rust-lang:async-h1:1.1.2
-
cpe:2.3:a:rust-lang:async-h1:2.0.0
-
cpe:2.3:a:rust-lang:async-h1:2.0.1
-
cpe:2.3:a:rust-lang:async-h1:2.0.2
-
cpe:2.3:a:rust-lang:async-h1:2.1.0
-
cpe:2.3:a:rust-lang:async-h1:2.1.1
-
cpe:2.3:a:rust-lang:async-h1:2.1.2
-
cpe:2.3:a:rust-lang:async-h1:2.1.3
-
cpe:2.3:a:rust-lang:async-h1:2.1.4
-
cpe:2.3:a:rust-lang:async-h1:2.2.0
-
cpe:2.3:a:rust-lang:async-h1:2.2.1