High severity · NVD Advisory · Published Jun 10, 2020 · Updated Aug 4, 2024
CVE-2020-7671
Description
goliath through 1.0.6 allows request smuggling attacks when goliath is used as a backend and the frontend proxy is also vulnerable. HTTP request smuggling is possible by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for TE:CL smuggling attacks.
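An added example, not code from goliath or from the advisory: a strict framing check that a backend or proxy could apply to reject the two conditions described above instead of picking one interpretation. The helper name `framing_errors`, the sample header lines, and the assumption that only the `chunked` coding is supported are illustrative.

```ruby
# Added example: strict request-framing check (hypothetical helper, not goliath code).
# Input: raw header lines as received, without the request line or line endings.
def framing_errors(header_lines)
  errors = []
  lengths = []
  encodings = []

  header_lines.each do |line|
    name, value = line.split(":", 2)
    if value.nil?
      errors << "malformed header line: #{line.inspect}"
      next
    end
    # Collect every occurrence instead of letting a later one overwrite an earlier one.
    case name.strip.downcase
    when "content-length"    then lengths << value
    when "transfer-encoding" then encodings << value
    end
  end

  # Two Content-Length headers: frontend and backend may each honour a different one.
  errors << "Content-Length sent #{lengths.size} times" if lengths.size > 1
  lengths.each do |v|
    errors << "non-numeric Content-Length: #{v.inspect}" unless v.match?(/\A[ \t]*\d+[ \t]*\z/)
  end

  # Assumption: this server implements only the "chunked" coding, so any other
  # value is rejected rather than treated as if it were valid.
  errors << "Transfer-Encoding sent #{encodings.size} times" if encodings.size > 1
  encodings.each do |v|
    errors << "unsupported Transfer-Encoding: #{v.inspect}" unless v.match?(/\A[ \t]*chunked[ \t]*\z/i)
  end

  # Both framing headers together is ambiguous; refuse instead of choosing.
  errors << "both Content-Length and Transfer-Encoding present" if lengths.any? && encodings.any?
  errors
end

# Constructed sample requests (header lines only).
SAMPLES = {
  ok_length:  ["Host: example.test", "Content-Length: 5"],
  ok_chunked: ["Host: example.test", "Transfer-Encoding: chunked"],
  dup_length: ["Host: example.test", "Content-Length: 5", "Content-Length: 0"],
  bad_te:     ["Host: example.test", "Transfer-Encoding: invalid-coding", "Content-Length: 4"]
}.freeze

SAMPLES.each { |label, lines| puts "#{label}: #{framing_errors(lines).inspect}" }
```

A request with a non-empty result should be answered with 400 and the connection closed, so that no trailing bytes are read as a second request.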
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| goliath (RubyGems) | <= 1.0.6 | — |
References
- github.com/advisories/GHSA-3892-2r52-p65m (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-7671 (ghsa, ADVISORY)
- github.com/postrank-labs/goliath/issues/351 (ghsa, WEB)
- github.com/postrank-labs/goliath/issues/351%2C (mitre, x_refsource_MISC)
- snyk.io/vuln/SNYK-RUBY-GOLIATH-569136 (ghsa, x_refsource_MISC, WEB)