Описание
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:youdao:qanything:1.4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00335
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-444
Связанные уязвимости
CVSS3: 7.5
github
11 месяцев назад
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution.
EPSS
Процентиль: 56%
0.00335
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-444