
158 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-0308

Malware in sbrugna...

CVSS 9.1 | AI score 6.9 | EPSS 0.03657
Exploits: 1 | References: 108
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0447

Malware in sbrugna...

CVSS 7.5 | AI score 6.2 | EPSS 0.01782
Exploits: 0 | References: 13
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-8066

Malware in sbrugna...

CVSS 7.5 | AI score 6.9 | EPSS 0.02818
Exploits: 1 | References: 15
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-5542

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.00842
Exploits: 2 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-6969

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00029
Exploits: 0 | References: 6
GitHub Security Blog
added 2025/09/12 9:12 p.m. | 10 views

Hono has Body Limit Middleware Bypass

Summary A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. Details The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included. According to...

CVSS 5.3 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2025/09/12 1:3 p.m. | 15 views

CVE-2025-59139

CVE-2025-59139 affects the Hono web framework (pre-4.9.7). A flaw in the bodyLimit middleware allowed bypassing the configured request body size limit when conflicting headers were present, because Content-Length could be prioritized over Transfer-Encoding: chunked. The HTTP spec requires Transfe...

CVSS 5.3 | AI score 6.2 | EPSS 0.00052
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-47220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a...

AI score 6.8 | EPSS 0.00108
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue...

CVSS 7.5 | AI score 7.2 | EPSS 0.02239
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-16789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and...

CVSS 8.2 | AI score 6.3 | EPSS 0.00882
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-20445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding...

CVSS 9.1 | AI score 6.8 | EPSS 0.03657
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/07 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-6827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default...

CVSS 7.5 | AI score 7.1 | EPSS 0.00029
Exploits: 0 | References: 3
Snyk
added 2025/07/10 8:42 p.m. | 2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling through the processing of chunked encoded requests in parseheader function. An attacker can manipulate request boundaries by injecting conflicting Content-Length or Transfer-Encoding headers via trailers which can...

CVSS 8.8 | AI score 6.8 | EPSS 0.00143
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 5:10 p.m. | 3 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

CVSS 6.5 | AI score 6.8 | EPSS 0.00239
Exploits: 0
GitHub Security Blog
added 2025/03/20 12:32 p.m. | 51 views

Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

CVSS 7.5 | AI score 6.5 | EPSS 0.00029
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2025/03/20 10:15 a.m. | 5 views

CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2025/03/20 10:15 a.m. | 1 view

DEBIAN-CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

CVSS 7.5 | AI score 7.2 | EPSS 0.00029
Exploits: 0 | References: 1
Cvelist
added 2025/03/20 10:9 a.m. | 9 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

CVSS 7.5 | EPSS 0.00029
Exploits: 0 | References: 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

Gunicorn environment issue vulnerability

Gunicorn is a Python web server gateway interface HTTP server from the Gunicorn open source. An environment issue vulnerability exists in Gunicorn version 21.2.0 that stems from improper validation of the Transfer-Encoding header, which could lead to a request entrapment attack...

CVSS 7.5 | AI score 7.5 | EPSS 0.00029
Exploits: 0 | References: 2
OSV
added 2024/11/11 8:15 p.m. | 2 views

AZL-53159 CVE-2024-52530 affecting package libsoup for versions less than 3.4.4-2

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...

CVSS 7.5 | AI score 6.9 | EPSS 0.00366
Exploits: 1 | References: 1