Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.10 views

Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 12:31 a.m.5 views

GHSA-F9V3-J2M7-4HPG Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 11:20 p.m.4 views

CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...

9.3CVSS5.7AI score0.00666EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 12:0 p.m.6 views

RUSTSEC-2026-0033 HTTP Request Smuggling via Premature Upgrade

Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This vulnerabilit...

9.3CVSS6AI score0.00666EPSS
Exploits0References4
Rows per page
Query Builder