CVE-2020-1944

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type

GIT

Repo

https://github.com/apache/trafficserver

Events

Introduced

27f8e2cda9133864e6ffae0224c799fde5f10290

Last affected

eaed59510bda6f1d27854d9d3f07aace2afffc16

Introduced

6c1c6cf20e7d0e287d697a0f4181436013d17c30

Last affected

d8b3397744f0eefad721af058dca220ebb51bd7f

Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Last affected

cfeb3b9311a8354b12bc10fac057e9f6a8a3eba9

Introduced

Last affected

3fa146678bc6a061722f4ea930998ae29ad70de3

Database specific

{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.2.3"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.1.8"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Affected versions

10.*

10.0.0

10.0.0-rc0

3.*

3.1.2

3.3.0

3.3.1

6.*

6.2.0

6.2.0-rc0

6.2.0-rc1

6.2.0-rc2

6.2.0-rc3

6.2.1

6.2.1-rc0

6.2.2

6.2.2-rc0

6.2.3

6.2.3-rc0

7.*

7.1.0

7.1.0-rc0

7.1.0-rc1

7.1.1

7.1.1-rc0

7.1.1-rc1

7.1.2

7.1.2-rc0

7.1.2-rc1

7.1.2-rc2

7.1.2-rc3

7.1.2-rc4

7.1.3

7.1.3-rc0

7.1.4

7.1.4-rc0

7.1.4-rc1

7.1.5

7.1.5-rc0

7.1.5-rc1

7.1.6

7.1.6-rc0

7.1.6-rc1

7.1.7

7.1.7-rc0

7.1.8

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0

8.0.2

8.0.2-rc0

8.0.3

8.0.3-rc0

8.0.4

8.0.4-rc0

8.0.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1944.json"