{"api_version":"1","generated_at":"2026-04-23T04:11:01+00:00","cve":"CVE-2020-35863","urls":{"html":"https://cve.report/CVE-2020-35863","api":"https://cve.report/api/cve/CVE-2020-35863.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-35863","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-35863"},"summary":{"title":"CVE-2020-35863","description":"An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-12-31 10:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-444"],"metrics":[],"references":[{"url":"https://rustsec.org/advisories/RUSTSEC-2020-0008.html","name":"https://rustsec.org/advisories/RUSTSEC-2020-0008.html","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"About RustSec › RustSec Advisory Database","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-35863","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35863","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"35863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hyper","cpe5":"hyper","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"rust","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35863","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hyper","cpe5":"hyper","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"rust","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-35863","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://rustsec.org/advisories/RUSTSEC-2020-0008.html","refsource":"MISC","name":"https://rustsec.org/advisories/RUSTSEC-2020-0008.html"}]}},"nvd":{"publishedDate":"2020-12-31 10:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-444"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hyper:hyper:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.12.34","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"35863","Ordinal":"195867","Title":"CVE-2020-35863","CVE":"CVE-2020-35863","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"35863","Ordinal":"1","NoteData":"An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"35863","Ordinal":"2","NoteData":"2020-12-31","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"35863","Ordinal":"3","NoteData":"2020-12-31","Type":"Other","Title":"Modified"}]}}}