Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ...

Moderate: toolbox security and bug fix update

Moderate: grafana-pcp security update

Moderate: grafana-pcp security update

ELSA-2022-8250: grafana-pcp security update (MODERATE)

ELSA-2022-7648: grafana-pcp security update (MODERATE)

Moderate: git-lfs security and bug fix update

Important: go-toolset:rhel8 security and bug fix update

ELSA-2022-7129: git-lfs security and bug fix update (MODERATE)

ELSA-2022-5799: go-toolset and golang security and bug fix update (IMPORTANT)

ELSA-2022-5775: go-toolset:ol8 security and bug fix update (IMPORTANT)

Security update for go1.18

Security update for go1.17

Moderate: container-tools:3.0 security update

ELSA-2023-2357: git-lfs security and bug fix update (MODERATE)