Acceptance of invalid Transfer-Encoding headers in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2022-1705 Improper sanitization of Transfer-Encoding headers in net/http | 9 Aug 2022 20:16 | – | cvelist |
OSV | CVE-2022-1705 | 10 Aug 2022 20:15 | – | osv |
OSV | Improper sanitization of Transfer-Encoding headers in net/http | 25 Jul 2022 17:34 | – | osv |
OSV | BIT-golang-2022-1705 | 6 Mar 2024 11:03 | – | osv |
OSV | Red Hat Security Advisory: toolbox security and bug fix update | 30 Sep 2024 14:28 | – | osv |
OSV | Red Hat Security Advisory: OpenShift Container Platform 4.11.17 packages and security update | 30 Sep 2024 14:29 | – | osv |
OSV | Moderate: toolbox security and bug fix update | 15 Nov 2022 00:00 | – | osv |
OSV | Moderate: toolbox security and bug fix update | 15 Nov 2022 06:15 | – | osv |
OSV | Moderate: grafana-pcp security update | 8 Nov 2022 00:00 | – | osv |
OSV | Red Hat Security Advisory: grafana-pcp security update | 30 Sep 2024 14:28 | – | osv |
[
  {
    "vendor": "Go standard library",
    "product": "net/http",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "net/http",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.17.12",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.18.0-0",
        "lessThan": "1.18.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "transferReader.parseTransferEncoding"
      }
    ],
    "defaultStatus": "unaffected"
  }
]