cve published

Noah-Kennedy · Noah-Kennedy · commit 7504c5ff891e · 2025-05-22T10:54:08.000-05:00
diff --git a/crates/pingora-core/RUSTSEC-0000-0000.md b/crates/pingora-core/RUSTSEC-0000-0000.md
@@ -8,8 +8,8 @@ url = "https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-i
 # "format-injection", "memory-corruption", "memory-exposure", "privilege-escalation"
 categories = []
 keywords = ["request-smuggling", "cache-poisoning"]
-# todo CVE is now live yet
-#cvss = "4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"
+aliases = ["CVE-2025-4366"]
+cvss = "4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"
 
 [versions]
 patched = [">= 0.5.0"]
