Описание
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.74.3-8ubuntu1 |
| esm-infra/bionic | released | 2.62.1-1ubuntu0.4+esm1 |
| esm-infra/focal | not-affected | 2.70.0-1ubuntu0.1 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 2.70.0-1ubuntu0.1 |
| jammy | released | 2.74.2-3ubuntu0.1 |
| noble | released | 2.74.3-6ubuntu1.1 |
| oracular | released | 2.74.3-7ubuntu0.1 |
| plucky | released | 2.74.3-8ubuntu1 |
| upstream | released | 2.53.90 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.5.2-1 |
| esm-apps/jammy | released | 3.0.7-0ubuntu1+esm1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| noble | released | 3.4.4-5ubuntu0.1 |
| oracular | not-affected | 3.5.2-1 |
| plucky | not-affected | 3.5.2-1 |
| upstream | released | 3.5.1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS3
Связанные уязвимости
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some confi ...
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
EPSS
7.5 High
CVSS3