Количество 2
Количество 2
CVE-2020-7670
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing.
GHSA-h385-52j6-9984
Withdrawn: HTTP Request Smuggling in Agoo
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-7670 agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing. | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| GHSA-h385-52j6-9984 Withdrawn: HTTP Request Smuggling in Agoo | 0% Низкий | больше 5 лет назад |
Уязвимостей на страницу