Tiny-Http Project: >> Tiny-Http Security Vulnerabilities
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-12-31
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07