7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-38512

GHSA ID

GHSA-8928-2fgm-6x9x

EPSS Score

0.61251%

CWE

CWE-444

Published

8/25/2021

Updated

2/3/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-38512

CVE-2021-38512: HTTP Request Smuggling in actix-http

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling (HRS) attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also vulnerable.

Popular front-end proxies and load balancers already mitigate HRS attacks so it is recommended that they are also kept up to date; check your specific set up. You should upgrade even if the front-end proxy receives exclusively HTTP/2 traffic and connects to the back-end using HTTP/1; several downgrade attacks are known that can also expose HRS vulnerabilities.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-38512

GHSA ID

GHSA-8928-2fgm-6x9x

EPSS Score

0.61251%

CWE

CWE-444

Published

8/25/2021

Updated

2/3/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
actix-http	rust	< 2.2.1	2.2.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from three main issues: 1) Improper chunk size parsing that allowed integer overflows and invalid size values (fixed by adding checked_mul and character validation), 2) Header parsing that permitted multiple Transfer-Encoding headers and invalid values (fixed by adding validation checks), and 3) Insufficient validation of chunk extension characters. The commit introduced a new chunked.rs with strict state machine handling, added overflow checks in read_size, and enhanced header validation in decoder.rs. Test cases like hrs_chunk_extension_invalid and hrs_chunk_size_overflow in the diff confirm these were the vulnerable areas.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* t*is *r*t* *i* not prop*rly **t**t inv*li* r*qu*sts t**t *oul* *llow *TTP/* r*qu*st smu**lin* (*RS) *tt**ks w**n runnin* *lon*si** * vuln*r**l* *ront-*n* proxy s*rv*r. T*is **n r*sult in l**k** int*rn*l *n*/or us*r **t*, in*lu*in

Reasoning

T** vuln*r**ility st*mm** *rom t*r** m*in issu*s: *) Improp*r **unk siz* p*rsin* t**t *llow** int***r ov*r*lows *n* inv*li* siz* v*lu*s (*ix** *y ***in* ****k**_mul *n* ***r**t*r v*li**tion), *) *****r p*rsin* t**t p*rmitt** multipl* Tr*ns**r-*n*o*in

7.5

Basic Information

Concerned about an active attack path?

CVE-2021-38512: HTTP Request Smuggling in actix-http

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI