Lucene search
K

209 matches found

Snyk
Snyk
added 2025/08/29 4:24 p.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the wrapBodyReader function in the body-reader.go. An attacker can cause the server to panic and crash by sending specially crafted AWS chunked data without a Content-Length header via a reverse proxy such a...

8.7CVSS6.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/29 4:24 p.m.6 views

Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...

7.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/29 4:24 p.m.5 views

GHSA-V2CH-C8V8-FGR7 Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...

8.7CVSS7.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server ...

9.1CVSS6.7AI score0.00778EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.3 views

AlmaLinux 9 : opentelemetry-collector (ALSA-2025:12831)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:12831 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

9.1CVSS7.2AI score0.00778EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/08/05 2:8 a.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/08/05 1:36 a.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/30 10:44 p.m.4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/30 1:27 p.m.4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
Rockylinux
Rockylinux
added 2025/07/29 1:38 p.m.4 views

go-toolset:rhel8 security update

An update is available for module.go-toolset, golang, module.delve, go-toolset, module.golang, delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

9.1CVSS7AI score0.00778EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/07/23 5:25 p.m.4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/18 9:40 a.m.2 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/18 8:33 a.m.8 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/10 1:56 a.m.4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/09 4:18 a.m.6 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/08 11:17 p.m.3 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/07/03 12:0 a.m.4 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:9142)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9142 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fro...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/06/30 9:23 p.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/30 5:50 p.m.16 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/26 4:57 p.m.6 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
Rows per page
Query Builder