Lucene search

K

CVE-2022-1705

🗓️ 10 Aug 2022 20:25:15Reported by GoType 
cve
 cve
🔗 web.nvd.nist.gov👁 255 Views🌐 5 Media mentions

Acceptance of invalid Transfer-Encoding headers in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling

Show more
Related
Detection
Affected
Refs
Social
Nvd
Node
golanggoRange<1.17.12
OR
golanggoRange1.18.01.18.4
[
  {
    "vendor": "Go standard library",
    "product": "net/http",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "net/http",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.17.12",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.18.0-0",
        "lessThan": "1.18.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "transferReader.parseTransferEncoding"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Aug 2022 20:15Current
7.5High risk
Vulners AI Score7.5
CVSS36.5
EPSS0.002
255
.json
Report