CVE-2024-23644 (GCVE-0-2024-23644)

Vulnerability from cvelistv5 – Published: 2024-01-24 19:38 – Updated: 2025-05-30 14:16
VLAI?
Title
trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting
Summary
Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.
Severity ?
6.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Assigner
References
Impacted products
Vendor Product Version
trillium-rs trillium Affected: < 0.5.4
Affected: < 0.3.12
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf"
          },
          {
            "name": "https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d"
          },
          {
            "name": "https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:45:20.605791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T14:16:20.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "trillium",
          "vendor": "trillium-rs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.5.4"
            },
            {
              "status": "affected",
              "version": " \u003c 0.3.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert \"\\r\\n\" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values.\n\nOutbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\\r\\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.)\n\nIn `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-113",
              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T19:38:41.224Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf"
        },
        {
          "name": "https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d"
        },
        {
          "name": "https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999"
        }
      ],
      "source": {
        "advisory": "GHSA-9f9p-cp3c-72jf",
        "discovery": "UNKNOWN"
      },
      "title": "trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23644",
    "datePublished": "2024-01-24T19:38:41.224Z",
    "dateReserved": "2024-01-19T00:18:53.233Z",
    "dateUpdated": "2025-05-30T14:16:20.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trillium:trillium:*:*:*:*:*:rust:*:*\", \"versionEndExcluding\": \"0.5.4\", \"matchCriteriaId\": \"B9D4B68B-390B-44A9-9CD5-8F9AACBA405B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trillium:trillium-http:*:*:*:*:*:rust:*:*\", \"versionEndExcluding\": \"0.3.12\", \"matchCriteriaId\": \"8F925466-08CC-423B-90AD-32C54782A302\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert \\\"\\\\r\\\\n\\\" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values.\\n\\nOutbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\\\\r\\\\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.)\\n\\nIn `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.\"}, {\"lang\": \"es\", \"value\": \"Trillium es un conjunto de herramientas componibles para crear aplicaciones de Internet con \\u00f3xido as\\u00edncrono. En `trillium-http` anterior a 0.3.12 y `trillium-client` anterior a 0.5.4, la validaci\\u00f3n insuficiente de los valores de encabezado salientes puede llevar a ataques de divisi\\u00f3n de solicitudes o de divisi\\u00f3n de respuestas en escenarios donde los atacantes tienen suficiente control sobre los encabezados. Esto solo afecta a los casos de uso en los que los atacantes tienen control de los encabezados de las solicitudes y pueden insertar secuencias \\\"\\\\r\\\\n\\\". Espec\\u00edficamente, si se inserta entrada que no es de confianza y no validada en nombres o valores de encabezado. Los `trillium_http::HeaderValue` y `trillium_http::HeaderName` salientes se pueden construir de manera infalible y no se verificaron en busca de bytes ilegales al enviar solicitudes del cliente o respuestas del servidor. Por lo tanto, si un atacante tiene suficiente control sobre los valores de encabezado (o nombres) en una solicitud o respuesta como para poder inyectar secuencias `\\\\r\\\\n`, podr\\u00eda desincronizar el cliente y el servidor y luego girar para obtener control sobre otras partes de solicitudes o respuestas. (es decir, filtrar datos de otras solicitudes, SSRF, etc.) En las versiones 0.3.12 y posteriores de `trillium-http`, si un nombre de encabezado no es v\\u00e1lido en los encabezados de respuesta del servidor, el encabezado espec\\u00edfico y cualquier valor asociado se omiten de la transmisi\\u00f3n de red. Adem\\u00e1s, si un valor de encabezado no es v\\u00e1lido en los encabezados de respuesta del servidor, el valor del encabezado individual se omite de la transmisi\\u00f3n de la red. Se seguir\\u00e1n enviando otros valores de encabezado con el mismo nombre de encabezado. En las versiones 0.5.4 y posteriores de `trillium-client`, si alg\\u00fan nombre o valor de encabezado no es v\\u00e1lido en los encabezados de solicitud del cliente, en espera, el cliente Conn devuelve un `Error::MalformedHeader` antes de cualquier acceso a la red. Como workaround, los servicios de Trillium y las aplicaciones cliente deben desinfectar o validar las entradas que no son de confianza incluidas en los valores y nombres de los encabezados. No se permiten caracteres de carriage return, nueva l\\u00ednea, ni nulos.\"}]",
      "id": "CVE-2024-23644",
      "lastModified": "2024-11-21T08:58:04.593",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}",
      "published": "2024-01-24T20:15:53.680",
      "references": "[{\"url\": \"https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-113\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-436\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23644\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-24T20:15:53.680\",\"lastModified\":\"2024-11-21T08:58:04.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert \\\"\\\\r\\\\n\\\" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values.\\n\\nOutbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\\\\r\\\\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.)\\n\\nIn `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.\"},{\"lang\":\"es\",\"value\":\"Trillium es un conjunto de herramientas componibles para crear aplicaciones de Internet con \u00f3xido as\u00edncrono. En `trillium-http` anterior a 0.3.12 y `trillium-client` anterior a 0.5.4, la validaci\u00f3n insuficiente de los valores de encabezado salientes puede llevar a ataques de divisi\u00f3n de solicitudes o de divisi\u00f3n de respuestas en escenarios donde los atacantes tienen suficiente control sobre los encabezados. Esto solo afecta a los casos de uso en los que los atacantes tienen control de los encabezados de las solicitudes y pueden insertar secuencias \\\"\\\\r\\\\n\\\". Espec\u00edficamente, si se inserta entrada que no es de confianza y no validada en nombres o valores de encabezado. Los `trillium_http::HeaderValue` y `trillium_http::HeaderName` salientes se pueden construir de manera infalible y no se verificaron en busca de bytes ilegales al enviar solicitudes del cliente o respuestas del servidor. Por lo tanto, si un atacante tiene suficiente control sobre los valores de encabezado (o nombres) en una solicitud o respuesta como para poder inyectar secuencias `\\\\r\\\\n`, podr\u00eda desincronizar el cliente y el servidor y luego girar para obtener control sobre otras partes de solicitudes o respuestas. (es decir, filtrar datos de otras solicitudes, SSRF, etc.) En las versiones 0.3.12 y posteriores de `trillium-http`, si un nombre de encabezado no es v\u00e1lido en los encabezados de respuesta del servidor, el encabezado espec\u00edfico y cualquier valor asociado se omiten de la transmisi\u00f3n de red. Adem\u00e1s, si un valor de encabezado no es v\u00e1lido en los encabezados de respuesta del servidor, el valor del encabezado individual se omite de la transmisi\u00f3n de la red. Se seguir\u00e1n enviando otros valores de encabezado con el mismo nombre de encabezado. En las versiones 0.5.4 y posteriores de `trillium-client`, si alg\u00fan nombre o valor de encabezado no es v\u00e1lido en los encabezados de solicitud del cliente, en espera, el cliente Conn devuelve un `Error::MalformedHeader` antes de cualquier acceso a la red. Como workaround, los servicios de Trillium y las aplicaciones cliente deben desinfectar o validar las entradas que no son de confianza incluidas en los valores y nombres de los encabezados. No se permiten caracteres de carriage return, nueva l\u00ednea, ni nulos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-113\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-436\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trillium:trillium:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.5.4\",\"matchCriteriaId\":\"B9D4B68B-390B-44A9-9CD5-8F9AACBA405B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trillium:trillium-http:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.3.12\",\"matchCriteriaId\":\"8F925466-08CC-423B-90AD-32C54782A302\"}]}]}],\"references\":[{\"url\":\"https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.