CVE-2020-7671

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7671

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7671.json

Aliases

GHSA-3892-2r52-p65m
SNYK-RUBY-GOLIATH-569136

Published

2020-06-10T16:15:10Z

Modified

2023-11-29T08:35:37.364110Z

Details

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.

References

Affected packages

Git / github.com/postrank-labs/goliath

Affected ranges

Type: GIT
Repo: https://github.com/postrank-labs/goliath
Events: Introduced

0The exact introduced commit is unknown

Last affected

a0a6d615a688ccc05cec6c5b170cf8a962322435

Affected versions

v0.*

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v1.*

v1.0.0

v1.0.0.beta.1

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6