License: BSD 3-Clause "New" or "Revised" License
For full details about the MaidSafe platform, see the [wiki] (https://github.com/maidsafe/MaidSafe/wiki).
To get started quickly, jump straight to the [build instructions] (https://github.com/maidsafe/MaidSafe/wiki/Build-Instructions).
Or to discuss any aspect of any MaidSafe library, use the [developers mailing list] (https://groups.google.com/forum/#!forum/maidsafe-development).
Lenient
hyperheader parsing ofContent-Lengthcould allow request smuggling
| Details | |
|---|---|
| Package | hyper |
| Version | 0.13.10 |
| URL | GHSA-f3pg-qwvg-p99c |
| Date | 2021-07-07 |
| Patched versions | >=0.14.10 |
hyper's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length headers.
Due to this, upstream HTTP proxies that ignore the the header may still forward them along if it chooses to ignore the error.
To be vulnerable, hyper must be used as an HTTP/1 server and using an HTTP proxy upstream that ignores the header's contents
but still forwards it. Due to all the factors that must line up, an attack exploiting this vulnerablity is unlikely.
See advisory page for additional details.
net2crate has been deprecated; usesocket2instead
| Details | |
|---|---|
| Status | unmaintained |
| Package | net2 |
| Version | 0.2.37 |
| URL | deprecrated/net2-rs@3350e38 |
| Date | 2020-05-01 |
The net2 crate has been deprecated
and users are encouraged to considered socket2 instead.
See advisory page for additional details.
Integer overflow in
hyper's parsing of theTransfer-Encodingheader leads to data loss
| Details | |
|---|---|
| Package | hyper |
| Version | 0.13.10 |
| URL | GHSA-5h46-h7hh-c6x9 |
| Date | 2021-07-07 |
| Patched versions | >=0.14.10 |
When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation,
this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack.
To be vulnerable, you must be using hyper for any HTTP/1 purpose, including as a client or server, and consumers must send
requests or responses that specify a chunk size greater than 18 exabytes. For a possible request smuggling attack to be possible,
any upstream proxies must accept a chunk size greater than 64 bits.
See advisory page for additional details.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
