3 matches found
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper RFC implementation. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. Remediation Upgrade...
PT-2022-23199
Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.15.1 Description The issue is related to Improper Authorization functions, which allow non-privileged users to run privileged API calls. If users without admin privileges are added to the Netmaker platform, they ca...
PT-2021-22456 · Pomerium +1 · Pomerium +1
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.14.8 Pomerium versions prior to 0.15.1 Description: The issue arises from Envoy, which Pomerium is based on, incorrectly handling resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU...