Moderate severity · NVD Advisory · Published Jun 10, 2020 · Updated Aug 4, 2024
CVE-2020-7670
Description
agoo prior to 2.14.0 allows request smuggling attacks when agoo is used as a backend and the frontend proxy is also vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer-Encoding header parsing. It is possible to conduct HTTP request smuggling attacks where agoo is used as part of a chain of backend servers, due to insufficient Content-Length and Transfer-Encoding parsing.
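A server in such a chain can reject requests whose framing headers are ambiguous instead of guessing which one the proxy honoured. The Ruby check below is an added example, not agoo's code or its fix; it applies the general request-framing rules of RFC 7230 section 3.3.3 (the page does not say which parsing cases agoo mishandled), and the function name and sample header blocks are constructed.

```ruby
# Added example (not agoo's code): strict request-framing checks a backend or
# proxy can apply before trusting Content-Length / Transfer-Encoding.
# Rules follow RFC 7230 section 3.3.3; the function name and the sample
# header blocks are constructed for illustration.

def framing_problems(header_block)
  problems = []
  lengths = []
  codings = []

  header_block.split("\r\n").each do |line|
    name, value = line.split(":", 2)
    if value.nil?
      problems << :malformed_header_line
      next
    end
    # "Content-Length : 4" (space before the colon) is read differently by
    # different parsers, so flag it instead of silently trimming it.
    problems << :whitespace_before_colon if name =~ /\s\z/
    case name.strip.downcase
    when "content-length"
      lengths.concat(value.split(",").map(&:strip))
    when "transfer-encoding"
      codings.concat(value.split(",").map { |c| c.strip.downcase })
    end
  end

  problems << :invalid_content_length if lengths.any? { |v| v !~ /\A\d+\z/ }
  problems << :conflicting_content_length if lengths.uniq.size > 1
  problems << :length_with_transfer_encoding unless lengths.empty? || codings.empty?
  problems << :chunked_not_final if !codings.empty? && codings.last != "chunked"
  problems.uniq
end

# Constructed sample header blocks (request line omitted).
SAMPLES = {
  clean:     "Host: example.test\r\nContent-Length: 11",
  cl_and_te: "Host: example.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked",
  dup_cl:    "Host: example.test\r\nContent-Length: 4\r\nContent-Length: 40",
  odd_te:    "Host: example.test\r\nTransfer-Encoding: chunked, identity",
  spaced:    "Host: example.test\r\nContent-Length : 4",
  signed_cl: "Host: example.test\r\nContent-Length: +4"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, block| puts "#{label}: #{framing_problems(block).inspect}" }
end
```

Any non-empty result is a reason to answer 400 and close the connection, so that leftover bytes are never parsed as a second pipelined request.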
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| agoo (RubyGems) | <= 2.13.0 | — |
References
- github.com/advisories/GHSA-h385-52j6-9984 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-7670 (advisory)
- github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130 (web)
- github.com/ohler55/agoo/issues/88 (web)
- snyk.io/vuln/SNYK-RUBY-AGOO-569137 (web)