Input validation

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2...

CVE-2022-31778

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2...

UBUNTU-CVE-2022-31778

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2...

PT-2022-20924 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.0.2 Description: The issue is related to improper input validation in handling the Transfer-Encoding header, allowing an attacker to poison the cache. Recommendations: For Apache Traffic Server...

CVE-2022-31778 Transfer-Encoding not treated as hop-by-hop

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2...

CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

CVE-2022-1705 Improper sanitization of Transfer-Encoding headers in net/http

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

SUSE-SU-2022:2671-1 Security update for go1.17

This update for go1.17 fixes the following issues: Update to go version 1.17.13 bsc1190649: - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic bsc1202035. - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode bsc1201444. - CVE-2022-30631: compress/gzip...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stac...

Google Golang 环境问题漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

HTTP Request Smuggling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially all...

GO-2022-0525 Improper sanitization of Transfer-Encoding headers in net/http

The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to reject the header as invalid...

The llhttp parser <v14.20.1 <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

...

The llhttp parser <v14.20.1 <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

...

SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2022:2416-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2416-1 advisory. - A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost che...

SUSE-SU-2022:2430-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...