From 2c07ef20b3274cf4b37efaf21779ce0ca7ba82b3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 21 Dec 2020 22:03:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/26xxx/CVE-2020-26281.json | 2 +- 2020/35xxx/CVE-2020-35617.json | 18 ++++++++++++++++++ 2020/35xxx/CVE-2020-35618.json | 18 ++++++++++++++++++ 2020/35xxx/CVE-2020-35619.json | 18 ++++++++++++++++++ 2020/35xxx/CVE-2020-35620.json | 18 ++++++++++++++++++ 2020/35xxx/CVE-2020-35621.json | 18 ++++++++++++++++++ 6 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 2020/35xxx/CVE-2020-35617.json create mode 100644 2020/35xxx/CVE-2020-35618.json create mode 100644 2020/35xxx/CVE-2020-35619.json create mode 100644 2020/35xxx/CVE-2020-35620.json create mode 100644 2020/35xxx/CVE-2020-35621.json diff --git a/2020/26xxx/CVE-2020-26281.json b/2020/26xxx/CVE-2020-26281.json index 3d33b022f09..430d901d1a1 100644 --- a/2020/26xxx/CVE-2020-26281.json +++ b/2020/26xxx/CVE-2020-26281.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0.\nThis vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. \nIf the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body.\nOne way to exploit this vulnerability would be for an adversary to craft a request such that the body contains a request that would not be noticed by a reverse proxy, allowing it to forge forwarded/x-forwarded headers. If an application trusted the authenticity of these headers, it could be misled by the smuggled request. \nAnother potential concern with this vulnerability is that if a reverse proxy is sending multiple http clients' requests along the same keep-alive connection, it would be possible for the smuggled request to specify a long content and capture another user's request in its body. This content could be captured in a post request to an endpoint that allows the content to be subsequently retrieved by the adversary.\n\nThis has been addressed in async-h1 2.3.0 and previous versions have been yanked." + "value": "async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body. One way to exploit this vulnerability would be for an adversary to craft a request such that the body contains a request that would not be noticed by a reverse proxy, allowing it to forge forwarded/x-forwarded headers. If an application trusted the authenticity of these headers, it could be misled by the smuggled request. Another potential concern with this vulnerability is that if a reverse proxy is sending multiple http clients' requests along the same keep-alive connection, it would be possible for the smuggled request to specify a long content and capture another user's request in its body. This content could be captured in a post request to an endpoint that allows the content to be subsequently retrieved by the adversary. This has been addressed in async-h1 2.3.0 and previous versions have been yanked." } ] }, diff --git a/2020/35xxx/CVE-2020-35617.json b/2020/35xxx/CVE-2020-35617.json new file mode 100644 index 00000000000..a95ca970cad --- /dev/null +++ b/2020/35xxx/CVE-2020-35617.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35617", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35618.json b/2020/35xxx/CVE-2020-35618.json new file mode 100644 index 00000000000..1e5a63e5745 --- /dev/null +++ b/2020/35xxx/CVE-2020-35618.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35618", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35619.json b/2020/35xxx/CVE-2020-35619.json new file mode 100644 index 00000000000..0fc38d48c57 --- /dev/null +++ b/2020/35xxx/CVE-2020-35619.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35619", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35620.json b/2020/35xxx/CVE-2020-35620.json new file mode 100644 index 00000000000..b47479de823 --- /dev/null +++ b/2020/35xxx/CVE-2020-35620.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35620", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35621.json b/2020/35xxx/CVE-2020-35621.json new file mode 100644 index 00000000000..c93567c58d0 --- /dev/null +++ b/2020/35xxx/CVE-2020-35621.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35621", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file