{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T22:54:47.675","vulnerabilities":[{"cve":{"id":"CVE-2022-3212","sourceIdentifier":"reefs@jfrog.com","published":"2022-09-14T16:15:11.883","lastModified":"2024-11-21T07:19:03.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String"},{"lang":"es","value":"(bytes::Bytes como axum_core::extract::FromRequest)::from_request no establecía, por defecto, un límite para el tamaño del cuerpo de la petición. Esto significaba que si un compañero malicioso enviaba un cuerpo muy grande (o infinito) su servidor podría quedarse sin memoria y colapsar. Esto también se aplica a estos extractores que usan Bytes::from_request internamente: axum::extract::Form axum::extract::Json String"}],"metrics":{"cvssMetricV31":[{"source":"reefs@jfrog.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"reefs@jfrog.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axum-core_project:axum-core:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.2.8","matchCriteriaId":"3C75C001-9583-4589-B223-CFC88D83DC6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:axum-core_project:axum-core:0.3.0:rc1:*:*:*:rust:*:*","matchCriteriaId":"BAA28945-A516-4F1E-99FF-470141986E69"}]}]}],"references":[{"url":"https://research.jfrog.com/vulnerabilities/axum-core-dos/","source":"reefs@jfrog.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://rustsec.org/advisories/RUSTSEC-2022-0055.html","source":"reefs@jfrog.com","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://research.jfrog.com/vulnerabilities/axum-core-dos/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://rustsec.org/advisories/RUSTSEC-2022-0055.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}}]}