VYPR
High severityNVD Advisory· Published Jan 13, 2023· Updated Apr 4, 2025

Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

CVE-2022-41721

Description

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
golang.org/x/netGo
>= 0.0.0-20220524220425-1d687d428aca, < 0.1.1-0.20221104162952-702349b0e8620.1.1-0.20221104162952-702349b0e862

Affected products

11

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.