PT-2021-22169 · Unknown · Actix-Http

Published: 2021-06-16 · Updated: 2021-09-21 · CVE-2021-38512

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: actix-http crate versions prior to 3.0.0-beta.9

Description: An issue in the actix-http crate can lead to HTTP/1 request smuggling, potentially resulting in credential disclosure. The crate does not properly detect invalid requests, so when it is deployed behind a vulnerable front-end proxy server an attacker can perform HTTP/1 request smuggling. This can leak internal and/or user data, including credentials. Keep front-end proxies and load balancers up to date, as they may already mitigate such attacks.

Recommendations: For versions prior to 3.0.0-beta.9, upgrade to 3.0.0-beta.9 or later to resolve the issue. Additionally, keep any front-end proxies and load balancers up to date to minimize the risk of exploitation, and review your setup to ensure that all components are properly configured to prevent HTTP/1 request smuggling attacks.


Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

CVE-2021-38512
GHSA-8928-2FGM-6X9X
RUSTSEC-2021-0081

Affected Products

Actix-Http