2 matches found
haproxy security update
2.4.17-3.2 - Reject empty http header field names CVE-2023-25725, 2174174 2.4.17-3.1 - Refuse interim responses with end-stream flag set CVE-2023-0056, 2174172...
netty: Request smuggling via content-length header
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...