Actix: Security Vulnerabilities
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-27
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-27
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-27
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-10
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-12-31
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-12-31
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-12-31