Rudder

07:42:33 error[A001]: Multiple Transfer-Encoding headers misinterprets request payload
07:42:33    ┌─ /home/jenkins/workspace/rudder-relayd-6.1/relay/sources/relayd/Cargo.lock:76:1
07:42:33    │
07:42:33 76 │ hyper 0.12.35 registry+https://github.com/rust-lang/crates.io-index
07:42:33    │ ------------------------------------------------------------------- security vulnerability detected
07:42:33    │
07:42:33    = ID: RUSTSEC-2021-0020
07:42:33    = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0020
07:42:33    = hyper's HTTP server code had a flaw that incorrectly understands some requests
07:42:33      with multiple transfer-encoding headers to have a chunked payload, when it
07:42:33      should have been rejected as illegal. This combined with an upstream HTTP proxy
07:42:33      that understands the request payload boundary differently can result in
07:42:33      "request smuggling" or "desync attacks".
07:42:33    = Announcement: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
07:42:33    = Solution: Upgrade to >=0.14.3 OR >=0.13.10, <0.14.0
07:42:33    = hyper v0.12.35
07:42:33      ├── hyper-tls v0.3.2
07:42:33      │   └── reqwest v0.9.24
07:42:33      │       └── relayd v0.0.0-dev
07:42:33      ├── relayd v0.0.0-dev (*)
07:42:33      ├── reqwest v0.9.24 (*)
07:42:33      └── warp v0.1.22
07:42:33          └── relayd v0.0.0-dev (*)