Published: 18 Jun 2021
Source: github
GitHub: Reviewed
CVSS4: 5.3
CVSS3: 6.1
Description
HTTP Request Smuggling in netius
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer-Encoding header parsing, which could allow for CL:TE or TE:TE attacks.
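The following is an added example, not netius code and not the fix from the referenced commit: a strict request-framing check that refuses the header combinations CL:TE and TE:TE desynchronisation depend on. The function names and sample header blocks are constructed for illustration, and the policy is deliberately stricter than RFC 7230 requires (it rejects a request carrying both headers instead of letting Transfer-Encoding override Content-Length).

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 header-name token
CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")         # control characters other than HTAB

def parse_headers(raw: bytes):
    """Split a raw header block into (name, value) pairs; reject malformed lines."""
    pairs = []
    for line in filter(None, raw.split(b"\r\n")):
        name, sep, value = line.decode("latin-1").partition(":")
        # Missing colon, whitespace before it, folded lines and stray control bytes are refused.
        if not sep or not TOKEN.fullmatch(name) or CTL.search(value):
            raise ValueError("malformed header line: %r" % line)
        pairs.append((name.lower(), value.strip(" \t")))
    return pairs

def body_framing(raw: bytes):
    """Return ('chunked', None), ('length', n) or ('none', 0); raise on ambiguity."""
    pairs = parse_headers(raw)
    te = [v for n, v in pairs if n == "transfer-encoding"]
    cl = [v for n, v in pairs if n == "content-length"]
    if te and cl:  # precondition for CL:TE: two parsers may each pick a different header
        raise ValueError("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip(" \t").lower() for v in te for c in v.split(",")]
        if codings != ["chunked"]:  # precondition for TE:TE: repeated or altered coding
            raise ValueError("unsupported Transfer-Encoding: %r" % te)
        return ("chunked", None)
    if cl:
        if len(set(cl)) != 1 or not re.fullmatch(r"[0-9]+", cl[0]):
            raise ValueError("invalid Content-Length: %r" % cl)
        return ("length", int(cl[0]))
    return ("none", 0)

# Constructed sample header blocks (not captured traffic).
SAMPLES = [
    b"Host: example.test\r\nContent-Length: 11\r\n",
    b"Host: example.test\r\nTransfer-Encoding: Chunked\r\n",
    b"Host: example.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n",
    b"Host: example.test\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: x\r\n",
    b"Host: example.test\r\nTransfer-Encoding : chunked\r\n",
]

def classify(raw: bytes):
    """Return the framing decision, or the string 'rejected' for ambiguous input."""
    try:
        return body_framing(raw)
    except ValueError:
        return "rejected"
```

A server applying this check would answer a rejected request with 400 and close the connection, so no leftover bytes are interpreted as a second pipelined request.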
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7655
- https://github.com/hivesolutions/netius/commit/9830881ef68328f8ea9c7901db1d11690677e7d1
- https://github.com/advisories/GHSA-wm2m-xrrp-j74c
- https://github.com/pypa/advisory-database/tree/main/vulns/netius/PYSEC-2020-242.yaml
- https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141
Packages
Name: netius (pip)
Affected versions: < 1.17.58
Fixed version: 1.17.58
Related vulnerabilities
CVSS3: 6.1
nvd
more than 5 years ago