HTTP Request Smuggling

2020-01-1003:02:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

68.2%

JSON

github.com/kubernetes/ingress-nginx is vulnerable to HTTP request smuggling. The library does not use a named location for authSignURL, allowing a malicious user to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CPENameOperatorVersion
github.com/kubernetes/ingress-nginxeqHEAD
github.com/kubernetes/ingress-nginxeq0.10.0
github.com/kubernetes/ingress-nginxeqHEAD
github.com/kubernetes/ingress-nginxeq0.10.0

Name	Operator	Version
github.com/kubernetes/ingress-nginx	eq	HEAD
github.com/kubernetes/ingress-nginx	eq	0.10.0
github.com/kubernetes/ingress-nginx	eq	HEAD
github.com/kubernetes/ingress-nginx	eq	0.10.0