4 matches found
AZL-37428 CVE-2023-24540 affecting package golang for versions less than 1.21.6-1
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
RHEL 8 : python-waitress (RHSA-2020:0720)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0720 advisory. Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Security Fixes: HTTP request smuggling through LF vs CRLF handli...
CVE-2019-16789 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...