5 matches found
CVE-2025-65114
CVE-2025-65114 affects Apache Traffic Server where malformed chunked messages enable HTTP request smuggling. Affected versions: 9.0.0–9.2.12 and 10.0.0–10.1.1. The issue is mitigated by upgrading to 9.2.13 or 10.1.2, which include the fix for the chunked encoding parser and related handling (Fedo...
CVE-2025-66373
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain...
Astra Linux – Vulnerability in python-h11
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a lack of strict parsing of line terminators in chunked-coded message bodies in h11 could lead to request smuggling vulnerabilities under certain conditions. This issue has been fixed in version 0.16.0. Since exploiting these...
Golang 1.24 < 1.24.2
The version of Golang running on the remote host is 1.24 prior to 1.24.2. It is, therefore, is affected by multiple vulnerabilities: - Unlike request headers, where we are allowed to leniently accept a bare LF in place of a CRLF, chunked bodies must always use CRLF line terminators. We were alrea...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling via llhttp. The parse ignores chunk extensions when parsing the body of chunked requests. Remediation There is no fixed version for llhttp. References - GitHub Commit -...