1141 matches found
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
Design/Logic Flaw
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
UBUNTU-CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
CVE-2019-15605
CVE-2019-15605 describes HTTP request smuggling due to malformed Transfer-Encoding in Node.js contexts. Connected advisories show affected components as http-parser across various Linux distributions and Node.js builds, with remediation via updating http-parser (and related Node.js packages) to p...
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
HTTP Request Smuggling
Overview apple/swift-nio is an event-driven network application framework for high performance protocol servers & clients, non-blocking. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP request smuggling is possible using malformed Transfer-Encoding header...
HTTP Request Smuggling
Overview SwiftNIOHTTP1 is a cross-platform asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP request smuggling is possible usin...
HTTP Request Smuggling
netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists as it improperly handles whitespaces in the Transfer-Encoding, and the Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...
CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
DEBIAN-CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
Design/Logic Flaw
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
UBUNTU-CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
CVE-2019-20445
CVE-2019-20445 affects Netty’s HttpObjectDecoder: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header, enabling HTTP request parsing ambiguities. This can enable request-smuggling-like s...
CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
CVE-2020-5207
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator...
CVE-2020-5207
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator...
CVE-2020-5207
Kotlin Ktor before 1.3.0 is affected by a request-smuggling issue when behind proxies that mishandle Content-Length/Transfer-Encoding or use an improper header separator. The vulnerability arises from how multiple proxy configurations may allow CRLF or header separator handling to be exploited. I...