CVE-2023-26964 (Medium) detected in multiple libraries

## CVE-2023-26964 - Medium Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - hyper-0.14.19.crate, hyper-0.13.10.crate, h2-0.3.13.crate, hyper-0.10.16.crate, h2-0.2.7.crate</summary>


<details><summary>hyper-0.14.19.crate</summary>

A fast and correct HTTP library.
Library home page: <a href="https://crates.io/api/v1/crates/hyper/0.14.19/download">https://crates.io/api/v1/crates/hyper/0.14.19/download</a>


Dependency Hierarchy:
 - :x: **hyper-0.14.19.crate** (Vulnerable Library)
</details>
<details><summary>hyper-0.13.10.crate</summary>

A fast and correct HTTP library.
Library home page: <a href="https://crates.io/api/v1/crates/hyper/0.13.10/download">https://crates.io/api/v1/crates/hyper/0.13.10/download</a>


Dependency Hierarchy:
 - webdriver-0.44.0.crate (Root Library)
 - warp-0.2.5.crate
 - :x: **hyper-0.13.10.crate** (Vulnerable Library)
</details>
<details><summary>h2-0.3.13.crate</summary>

An HTTP/2 client and server
Library home page: <a href="https://crates.io/api/v1/crates/h2/0.3.13/download">https://crates.io/api/v1/crates/h2/0.3.13/download</a>


Dependency Hierarchy:
 - yubico-0.10.0.crate (Root Library)
 - reqwest-0.11.11.crate
 - :x: **h2-0.3.13.crate** (Vulnerable Library)
</details>
<details><summary>hyper-0.10.16.crate</summary>

A fast and correct HTTP library.
Library home page: <a href="https://crates.io/api/v1/crates/hyper/0.10.16/download">https://crates.io/api/v1/crates/hyper/0.10.16/download</a>


Dependency Hierarchy:
 - multipart-0.18.0.crate (Root Library)
 - nickel-0.11.0.crate
 - :x: **hyper-0.10.16.crate** (Vulnerable Library)
</details>
<details><summary>h2-0.2.7.crate</summary>

An HTTP/2.0 client and server
Library home page: <a href="https://crates.io/api/v1/crates/h2/0.2.7/download">https://crates.io/api/v1/crates/h2/0.2.7/download</a>


Dependency Hierarchy:
 - webdriver-0.44.0.crate (Root Library)
 - warp-0.2.5.crate
 - hyper-0.13.10.crate
 - :x: **h2-0.2.7.crate** (Vulnerable Library)
</details>

Found in HEAD commit: <a href="https://github.com/mTvare6/hello-world.rs/commit/a5a175063bd51fcbbce0eaba88d1b9b6ad315911">a5a175063bd51fcbbce0eaba88d1b9b6ad315911</a>
Found in base branch: master

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png' width=19 height=20> Vulnerability Details</summary>
 
 
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).

Publish Date: 2023-04-11
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2023-26964>CVE-2023-26964</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (5.5)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Local
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: Required
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: None
 - Integrity Impact: None
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>


***
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2023-26964 (Medium) detected in multiple libraries #416

CVE-2023-26964 - Medium Severity Vulnerability

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2023-26964 (Medium) detected in multiple libraries #416

Description

CVE-2023-26964 - Medium Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions