1115 matches found
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
RHEL 9 : podman (RHSA-2025:9064)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9064 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
skopeo security update
2:1.18.1-2 - rebuild to fix CVE-2025-22871 skopeo: Request smuggling due to acceptance of invalid chunked data in net/http - Resolves: RHEL-89329...
RHEL 9 : skopeo (RHSA-2025:9065)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9065 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
BIT-GOLANG-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
Security Bulletin: Go net/http package is vulnerable to a denial of service,a remote attacker could exploit this vulnerability to cause a denial of service, affects watsonx.data
Summary Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service and this could affect watsonx.data. Vulnerability Details...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
RHEL 9 : golang (RHSA-2025:9043)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9043 advisory. The golang packages provide the Go programming language compiler. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked da...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2025-1657)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
GO-2025-3751 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
EulerOS 2.0 SP12 : golang (EulerOS-SA-2025-1586)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...