CVE-2022-1705

Published: 10 Aug 2022
Source: debian
EPSS: Low

Description

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

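Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.19 | fixed | 1.19~rc1-1 | | package |
| golang-1.18 | fixed | 1.18.4-1 | | package |
| golang-1.17 | fixed | 1.17.13-1 | | package |
| golang-1.15 | removed | | | package |
| golang-1.15 | no-dsa | | bullseye | package |
| golang-1.11 | not-affected | | | package |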

Notes

  • https://go.dev/issue/53188

  • https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f (go1.19rc1)

  • https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e (go1.18.4)

  • https://github.com/golang/go/commit/d13431c37ab62f9755f705731536ff74e7165b08 (go1.17.12)

  • Introduced by https://github.com/golang/go/commit/d5734d4f2dd1168dc3df94f2b9912299aea0c0ac (go1.15beta1)

EPSS

Percentile: 17%
0.00055
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 3 years ago

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

CVSS3: 6.5
redhat
more than 3 years ago

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

CVSS3: 6.5
nvd
more than 3 years ago

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

CVSS3: 6.5
msrc
more than 3 years ago

Improper sanitization of Transfer-Encoding headers in net/http

CVSS3: 6.5
github
more than 3 years ago

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
