Lucene search
GoogleOSV:GO-2021-0159HistoryJan 05, 2022 - 9:39 p.m.
Request smuggling due to improper header parsing in net/http
2022-01-0521:39:14
Google
osv.dev
7
HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
References
go.dev/cl/11772
go.dev/cl/11810
go.dev/cl/12865
go.dev/cl/13148
go.dev/issue/11930
go.dev/issue/12027
go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f
go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f
go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87
groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ
Related
nessus
nessus
openSUSE Security Update : go (openSUSE-2016-907)
2016-07-28 00:00:00
Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)
2015-08-18 00:00:00
Fedora 21 : golang-1.4.2-3.fc21 (2015-12957)
2015-08-18 00:00:00
osv
osv
GO-2021-0157
2022-01-05 20:00:00
openvas
openvas
Fedora Update for golang FEDORA-2015-15618
2015-10-02 00:00:00
Fedora Update for golang FEDORA-2015-12957
2015-08-20 00:00:00
Fedora Update for golang FEDORA-2015-13002
2015-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: golang-1.4.2-3.fc22
2015-08-18 05:23:04
[SECURITY] Fedora 22 Update: golang-1.5.1-0.fc22
2015-10-01 18:59:26
[SECURITY] Fedora 21 Update: golang-1.4.2-3.fc21
2015-08-18 05:21:47
amazon
amazon
Medium: golang, docker
2015-08-24 22:29:00
freebsd
freebsd
go -- multiple vulnerabilities
2015-07-29 00:00:00
cloudfoundry
cloudfoundry
Golang 1.4.3 CVE Fixes | Cloud Foundry
2015-10-07 00:00:00
centos
centos
golang security update
2016-08-02 21:57:55
redhat
redhat
(RHSA-2016:1538) Moderate: golang security, bug fix, and enhancement update
2016-08-02 13:46:33
cve
cve
cvelist
cvelist
nvd
nvd
veracode
veracode
HTTP Header Injection
2019-01-15 09:12:45
HTTP Header Injection
2017-04-27 07:04:20
Request Smuggling
2017-05-02 07:41:09
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2020-02-08 19:15:00
Design/Logic Flaw
2017-10-18 20:29:00
Design/Logic Flaw
2017-10-18 20:29:00
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
2017-06-29 17:41:22
Internet Bug Bounty: Multiple HTTP Smuggling reports
2019-07-17 22:47:10