- CVSS Score
- CVSS Details
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- CVSS Vector
Affected versions of this crate use the
time crate and the method
Duration::seconds to parse the
Max-Age duration cookie setting. This method
will panic if the value is greater than 2^64/1000 and less than or equal to
2^64, which can result in denial of service for a client or server.
This flaw was corrected by explicitly checking for the
Max-Age being in this
integer range and clamping the value to the maximum duration value.