CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

Tenable Nessus•added 2025/03/05 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2022-41721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the serve...

7.5CVSS6.9AI score0.00074EPSS

Exploits1References2

Tenable Nessus•added 2023/08/27 12:0 a.m.•21 views

Fedora 37 : caddy (2023-4926525509)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4926525509 advisory. This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve CVE-2022-41721. This is a fairly significant upgrade with lots of new features...

7.5CVSS6.9AI score0.00074EPSS

Exploits1References2

SUSE CVE•added 2023/02/15 3:23 a.m.•1 views

SUSE CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

7.5CVSS7.1AI score0.00074EPSS

Exploits1References3

Veracode•added 2023/01/22 8:35 a.m.•30 views

HTTP Request Smuggling

golang.org/x/net/http2/h2c is vulnerable to HTTP Request Smuggling. The vulnerability exists in the h2cUpgrade function of h2c.go because it does not properly handle errors when reading the HTTP2 frames from the HTTP/1 request body using MaxBytesHandler, which allows an attacker to send arbitrary...

7.5CVSS7.3AI score0.00074EPSS

Exploits1References9Affected Software3

RedhatCVE•added 2023/01/19 4:4 a.m.•43 views

CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulat...

7.5CVSS0.7AI score0.00074EPSS

Exploits1References6

OSV•added 2023/01/14 12:30 a.m.•34 views

GHSA-FXG5-WQ6X-VR4W golang.org/x/net/http2/h2c vulnerable to request smuggling attack

7.5CVSS7.5AI score0.00074EPSS

Exploits1References7

Github Security Blog•added 2023/01/14 12:30 a.m.•68 views

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

7.5CVSS7.5AI score0.00074EPSS

Exploits1References7Affected Software1

GitLab Advisory Database•added 2023/01/14 12:0 a.m.•38 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

7.5CVSS0.7AI score0.00074EPSS

Exploits1References5Affected Software1

GitLab Advisory Database•added 2023/01/14 12:0 a.m.•41 views

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

7.5CVSS0.9AI score0.00074EPSS

Exploits1References5Affected Software1

OSV•added 2023/01/13 11:15 p.m.•0 views

DEBIAN-CVE-2022-41721

7.5CVSS7.6AI score0.00074EPSS

Exploits1References1

OSV•added 2023/01/13 11:15 p.m.•4 views

CVE-2022-41721

7.5CVSS7.3AI score

Exploits0References5

NVD•added 2023/01/13 11:15 p.m.•23 views

CVE-2022-41721

7.5CVSS7.4AI score0.00074EPSS

Exploits1References5

Prion•added 2023/01/13 11:15 p.m.•19 views

Design/Logic Flaw

5CVSS7.3AI score0.00074EPSS

Exploits1References4Affected Software1

UbuntuCve•added 2023/01/13 11:15 p.m.•46 views

CVE-2022-41721

7.5CVSS6.9AI score0.00074EPSS

Exploits1References4

CVE•added 2023/01/13 10:46 p.m.•493 views

CVE-2022-41721

CVE-2022-41721 describes a request-smuggling issue in Go’s HTTP/2 handling via the MaxBytesHandler. When the handler does not fully consume the request body, the server may read HTTP/2 frames from the body stream instead of the network, allowing an attacker to craft body content that represents a...

7.5CVSS7.5AI score0.00074EPSS

Exploits1References5Affected Software1

Debian CVE•added 2023/01/13 10:46 p.m.•43 views

CVE-2022-41721

7.5CVSS6.7AI score0.00074EPSS

Exploits1

Vulnrichment•added 2023/01/13 10:46 p.m.•5 views

CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

7.6AI score0.00074EPSS

Exploits1References5

OSV•added 2023/01/13 10:39 p.m.•80 views

GO-2023-1495 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

7.5CVSS7.5AI score0.00074EPSS

Exploits1References2

CNNVD•added 2023/01/13 12:0 a.m.•1 views

Google Golang 环境问题漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

7.5CVSS6.6AI score0.00074EPSS

Exploits1References8

FreeBSD•added 2022/10/22 12:0 a.m.•98 views

traefik -- Use of vulnerable Go module x/net/http2

The Go project reports: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, whi...

7.5CVSS0.4AI score0.00074EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by