Lucene search

K

GoogleOSV:GHSA-7V2R-WXMG-MGVC

HistoryAug 25, 2021 - 8:48 p.m.

HTTP Request smuggling in tiny_http

2021-08-2520:48:56

Google

osv.dev

3

0.001 Low

EPSS

Percentile

44.1%

HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

CPENameOperatorVersion
tiny_httplt0.8.0

References

github.com/tiny-http/tiny-http

github.com/tiny-http/tiny-http/commit/623b87397a569729c4bcabae747823c5668cce94

github.com/tiny-http/tiny-http/issues/173

github.com/tiny-http/tiny-http/pull/190

lists.fedoraproject.org/archives/list/[email protected]/message/M3JDNRE5RXJOWZZZF5QSCG4GUCSLTHF2

lists.fedoraproject.org/archives/list/[email protected]/message/VO6SRTCEPEYO2OX647I3H5XUWLFDRDWL

nvd.nist.gov/vuln/detail/CVE-2020-35884

rustsec.org/advisories/RUSTSEC-2020-0031.html

0.001 Low

EPSS

Percentile

44.1%

Related for OSV:GHSA-7V2R-WXMG-MGVC

fedora6 osv2 openvas6 cvelist1 prion1 nvd1 cve1 rustsec1 github1