Common Weakness Enumeration

CWE-444

Allowed

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Abstraction: Base · Status: Incomplete

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

551 vulnerabilities reference this CWE, most recent first.

GHSA-3CH3-JHC6-5R8X

Vulnerability from github – Published: 2023-11-15 14:48 – Updated: 2023-11-15 14:48
VLAI
Summary
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Details

Impact

The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases.

To pass extra control data between extractors (such as headers like `Referer`), yt-dlp employs a concept of "url smuggling". This works by adding this extra data as json to the url fragment ("smuggling") that is then passed on to an extractor. The receiving extractor then "unsmuggles" the data from the input url. This functionality is intended to be internal only. Currently, the Generic extractor supports receiving an arbitrary dictionary of HTTP headers in a smuggled url, of which it extracts and adds them to the initial request it makes to such url. This is useful when a url sent to the Generic extractor needs a `Referer` header sent with it, for example. Additionally, yt-dlp has internal headers to set a proxy for a request: `Ytdl-request-proxy` and `Ytdl-socks-proxy`. While these are deprecated, internally `Ytdl-request-proxy` is still used for `--geo-verification-proxy`. However, it is possible for a maliciously crafted site include these smuggled options in a url which then the Generic extractor extracts and redirects to itself. This allows a malicious website to **set an arbitrary proxy for an arbitrary url that the Generic extractor will request.** This could allow for the following, but not limited too: - An attacker can MITM a request it asks yt-dlp to make to **any** website. - If a user has loaded cookies into yt-dlp for the target site, which are not marked as [secure](https://en.wikipedia.org/wiki/Secure_cookie), they could be exfiltrated by the attacker. - Fortunately most sites are HTTPS and should be setting cookies as secure. - An attacker can set cookies for an arbitrary site. An example malicious webpage:
<!DOCTYPE html>
<cinerama.embedPlayer('t','{{ target_site }}#__youtubedl_smuggle=%7B%22http_headers%22:%7B%22Ytdl-request-proxy%22:%22{{ proxy url }}%22%7D,%22fake%22:%22.smil/manifest%22%7D')
Where `{{ target_site }}` is the URL Generic extractor will request and `{{ proxy url }}` is the proxy to proxy the request for this url through.

Patches

  • We have removed the ability to smuggle http_headers to the Generic extractor, as well as other extractors that use the same pattern.

Workarounds

  • Disable Generic extractor (--ies default,-generic), or only pass trusted sites with trusted content.
  • Take caution when using --no-check-certificate.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "yt-dlp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2022.10.04"
            },
            {
              "fixed": "2023.11.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444",
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-15T14:48:24Z",
    "nvd_published_at": "2023-11-15T00:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp\u0027s HTTP session. This could lead to cookie exfiltration in some cases.\n\n\u003cdetails\u003e\n\nTo pass extra control data between extractors (such as headers like `Referer`), yt-dlp employs a concept of \"url smuggling\". This works by adding this extra data as json to the url fragment (\"smuggling\") that is then passed on to an extractor. The receiving extractor then \"unsmuggles\" the data from the input url. This functionality is intended to be internal only.\n\nCurrently, the Generic extractor supports receiving an arbitrary dictionary of HTTP headers in a smuggled url, of which it extracts and adds them to the initial request it makes to such url. This is useful when a url sent to the Generic extractor needs a `Referer` header sent with it, for example.\n\nAdditionally, yt-dlp has internal headers to set a proxy for a request: `Ytdl-request-proxy` and `Ytdl-socks-proxy`. While these are deprecated, internally `Ytdl-request-proxy` is still used for `--geo-verification-proxy`.\n\nHowever, it is possible for a maliciously crafted site include these smuggled options in a url which then the Generic extractor extracts and redirects to itself.  This allows a malicious website to **set an arbitrary proxy for an arbitrary url that the Generic extractor will request.**\n\nThis could allow for the following, but not limited too:\n- An attacker can MITM a request it asks yt-dlp to make to **any** website.\n   - If a user has loaded cookies into yt-dlp for the target site, which are not marked as [secure](https://en.wikipedia.org/wiki/Secure_cookie), they could be exfiltrated by the attacker.\n   - Fortunately most sites are HTTPS and should be setting cookies as secure.\n- An attacker can set cookies for an arbitrary site.\n\nAn example malicious webpage:\n```html\n\u003c!DOCTYPE html\u003e\n\u003ccinerama.embedPlayer(\u0027t\u0027,\u0027{{ target_site }}#__youtubedl_smuggle=%7B%22http_headers%22:%7B%22Ytdl-request-proxy%22:%22{{ proxy url }}%22%7D,%22fake%22:%22.smil/manifest%22%7D\u0027)\n```\n\nWhere `{{ target_site }}` is the URL Generic extractor will request and `{{ proxy url }}` is the proxy to proxy the request for this url through.\n\n\u003c/details\u003e\n\n### Patches\n- We have removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern.\n\n### Workarounds\n- Disable Generic extractor (`--ies default,-generic`), or only pass trusted sites with trusted content.\n- Take caution when using `--no-check-certificate`.\n\n### References\n- \u003chttps://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x\u003e\n- \u003chttps://nvd.nist.gov/vuln/detail/CVE-2023-46121\u003e\n- \u003chttps://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14\u003e\n- \u003chttps://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb\u003e\n",
  "id": "GHSA-3ch3-jhc6-5r8x",
  "modified": "2023-11-15T14:48:24Z",
  "published": "2023-11-15T14:48:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/yt-dlp/yt-dlp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection"
}

GHSA-3GV6-G396-9V4R

Vulnerability from github – Published: 2026-03-27 18:31 – Updated: 2026-06-11 00:32
VLAI
Summary
Undertow is Vulnerable to HTTP Request/Response Smuggling
Details

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.undertow:undertow-parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.23.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T23:13:55Z",
    "nvd_published_at": "2026-03-27T17:16:27Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\\r\\r\\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.",
  "id": "GHSA-3gv6-g396-9v4r",
  "modified": "2026-06-11T00:32:03Z",
  "published": "2026-03-27T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28367"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25125"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25126"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28367"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443260"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/undertow-io/undertow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Undertow is Vulnerable to HTTP Request/Response Smuggling"
}

GHSA-3JJM-F9RJ-VGMH

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:07
VLAI
Details

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-02T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.",
  "id": "GHSA-3jjm-f9rj-vgmh",
  "modified": "2024-04-04T02:07:58Z",
  "published": "2022-05-24T16:57:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15272"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JRV-JGP8-45V3

Vulnerability from github – Published: 2024-11-17 12:30 – Updated: 2025-02-07 18:31
VLAI
Summary
Undertow incorrectly parses cookies
Details

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.undertow:undertow-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0.Alpha1"
            },
            {
              "fixed": "2.3.11.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.undertow:undertow-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.30.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-4639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T20:08:30Z",
    "nvd_published_at": "2024-11-17T11:15:05Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
  "id": "GHSA-3jrv-jgp8-45v3",
  "modified": "2025-02-07T18:31:17Z",
  "published": "2024-11-17T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
    },
    {
      "type": "WEB",
      "url": "https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1674"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1675"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1676"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1677"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2763"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2764"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3919"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4639"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/undertow-io/undertow"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250207-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Undertow incorrectly parses cookies"
}

GHSA-3QMP-G57H-RXF2

Vulnerability from github – Published: 2025-05-22 20:25 – Updated: 2025-06-20 18:07
VLAI
Summary
Duplicate Advisory: Pingora Request Smuggling and Cache Poisoning
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-93c7-7xqw-w357. This link is maintained to preserve external references.

Original Description

Pingora versions prior to 0.5.0 which used the caching functionality in pingora-proxy did not properly drain the downstream request body on cache hits.

This allows an attacker to craft malicious HTTP/1.1 requests which could lead to request smuggling or cache poisoning.

This flaw was corrected in commit fda3317ec822678564d641e7cf1c9b77ee3759ff by ensuring that the downstream request body is always drained before a connection can be reused.

See the blog post for more information.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pingora-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-22T20:25:15Z",
    "nvd_published_at": "2025-05-22T16:15:55Z",
    "severity": "HIGH"
  },
  "details": "### Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-93c7-7xqw-w357. This link is maintained to preserve external references.\n\n### Original Description\n\nPingora versions prior to 0.5.0 which used the caching functionality in pingora-proxy did not properly drain the downstream request body on cache hits.\n\nThis allows an attacker to craft malicious HTTP/1.1 requests which could lead to request smuggling or cache poisoning.\n\nThis flaw was corrected in commit fda3317ec822678564d641e7cf1c9b77ee3759ff by ensuring that the downstream request body is always drained before a connection can be reused.\n\nSee [the blog post](https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/) for more information.",
  "id": "GHSA-3qmp-g57h-rxf2",
  "modified": "2025-06-20T18:07:39Z",
  "published": "2025-05-22T20:25:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4366"
    },
    {
      "type": "WEB",
      "url": "https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/pingora"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0037.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: Pingora Request Smuggling and Cache Poisoning",
  "withdrawn": "2025-06-20T18:07:39Z"
}

GHSA-45C4-8WX5-QW6W

Vulnerability from github – Published: 2023-07-20 14:52 – Updated: 2024-09-03 21:33
VLAI
Summary
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Details

Impact

aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel.

This vulnerability only affects users of aiohttp as an HTTP server (ie aiohttp.Application), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie aiohttp.ClientSession).

Reproducer

from aiohttp import web

async def example(request: web.Request):
    headers = dict(request.headers)
    body = await request.content.read()
    return web.Response(text=f"headers: {headers} body: {body}")

app = web.Application()
app.add_routes([web.post('/', example)])
web.run_app(app)

Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling.

$ printf "POST / HTTP/1.1\r\nHost: localhost:8080\r\nX-Abc: \rxTransfer-Encoding: chunked\r\n\r\n1\r\nA\r\n0\r\n\r\n" \
  | nc localhost 8080

Expected output:
  headers: {'Host': 'localhost:8080', 'X-Abc': '\rxTransfer-Encoding: chunked'} body: b''

Actual output (note that 'Transfer-Encoding: chunked' is an HTTP header now and body is treated differently)
  headers: {'Host': 'localhost:8080', 'X-Abc': '', 'Transfer-Encoding': 'chunked'} body: b'A'

Patches

Upgrade to the latest version of aiohttp to resolve this vulnerability. It has been fixed in v3.8.5: pip install aiohttp >= 3.8.5

Workarounds

If you aren't able to upgrade you can reinstall aiohttp using AIOHTTP_NO_EXTENSIONS=1 as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable to request smuggling:

$ python -m pip uninstall --yes aiohttp
$ AIOHTTP_NO_EXTENSIONS=1 python -m pip install --no-binary=aiohttp --no-cache aiohttp

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-30589
  • https://hackerone.com/reports/2001873
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.8.4"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "aiohttp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-20T14:52:00Z",
    "nvd_published_at": "2023-07-19T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\naiohttp v3.8.4 and earlier are [bundled with llhttp v6.0.6](https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules) which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel.\n\nThis vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`).\n\n### Reproducer\n\n```python\nfrom aiohttp import web\n\nasync def example(request: web.Request):\n    headers = dict(request.headers)\n    body = await request.content.read()\n    return web.Response(text=f\"headers: {headers} body: {body}\")\n\napp = web.Application()\napp.add_routes([web.post(\u0027/\u0027, example)])\nweb.run_app(app)\n```\n\nSending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling.\n\n```console\n$ printf \"POST / HTTP/1.1\\r\\nHost: localhost:8080\\r\\nX-Abc: \\rxTransfer-Encoding: chunked\\r\\n\\r\\n1\\r\\nA\\r\\n0\\r\\n\\r\\n\" \\\n  | nc localhost 8080\n\nExpected output:\n  headers: {\u0027Host\u0027: \u0027localhost:8080\u0027, \u0027X-Abc\u0027: \u0027\\rxTransfer-Encoding: chunked\u0027} body: b\u0027\u0027\n\nActual output (note that \u0027Transfer-Encoding: chunked\u0027 is an HTTP header now and body is treated differently)\n  headers: {\u0027Host\u0027: \u0027localhost:8080\u0027, \u0027X-Abc\u0027: \u0027\u0027, \u0027Transfer-Encoding\u0027: \u0027chunked\u0027} body: b\u0027A\u0027\n```\n\n### Patches\n\nUpgrade to the latest version of aiohttp to resolve this vulnerability. It has been fixed in v3.8.5: [`pip install aiohttp \u003e= 3.8.5`](https://pypi.org/project/aiohttp/3.8.5/)\n\n### Workarounds\n\nIf you aren\u0027t able to upgrade you can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn\u0027t vulnerable to request smuggling:\n\n```console\n$ python -m pip uninstall --yes aiohttp\n$ AIOHTTP_NO_EXTENSIONS=1 python -m pip install --no-binary=aiohttp --no-cache aiohttp\n```\n\n### References\n\n* https://nvd.nist.gov/vuln/detail/CVE-2023-30589\n* https://hackerone.com/reports/2001873\n",
  "id": "GHSA-45c4-8wx5-qw6w",
  "modified": "2024-09-03T21:33:36Z",
  "published": "2023-07-20T14:52:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37276"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2001873"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aio-libs/aiohttp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser"
}

GHSA-478M-XRV3-7R93

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2024-04-04 02:49
VLAI
Details

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-12T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.",
  "id": "GHSA-478m-xrv3-7r93",
  "modified": "2024-04-04T02:49:48Z",
  "published": "2022-05-24T17:14:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11724"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210129-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4750"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-48W2-RM65-62XX

Vulnerability from github – Published: 2021-10-12 17:53 – Updated: 2025-05-27 15:16
VLAI
Summary
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Details

Impact

Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.

This behavior (forwarding LF characters as line endings) is very uncommon amongst proxy servers, so we have graded the impact here as "low". Puma is only aware of a single proxy server which has this behavior.

If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.

Patches

This vulnerability was patched in Puma 5.5.1 and 4.3.9.

Workarounds

This vulnerability only affects Puma installations without any proxy in front.

Use a proxy which does not forward LF characters as line endings.

Proxies which do not forward LF characters as line endings:

  • Nginx
  • Apache (>2.4.25)
  • Haproxy
  • Caddy
  • Traefik

Possible Breakage

If you are dealing with legacy clients that want to send LF as a line ending in an HTTP header, this will cause those clients to receive a 400 error.

References

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41136"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-12T17:06:36Z",
    "nvd_published_at": "2021-10-12T16:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nPrior to `puma` version 5.5.0, using `puma` with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.\n\nThis behavior (forwarding LF characters as line endings) is very uncommon amongst proxy servers, so we have graded the impact here as \"low\". Puma is only aware of a single proxy server which has this behavior.\n\nIf the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.\n\n### Patches\n\nThis vulnerability was patched in Puma 5.5.1 and 4.3.9.\n\n### Workarounds\n\nThis vulnerability only affects Puma installations without any proxy in front.\n\nUse a proxy which does not forward LF characters as line endings.\n\nProxies which do not forward LF characters as line endings:\n\n* Nginx\n* Apache (\u003e2.4.25)\n* Haproxy\n* Caddy\n* Traefik\n\n### Possible Breakage\n\nIf you are [dealing with legacy clients that want to send `LF` as a line ending](https://stackoverflow.com/questions/43574428/have-apache-accept-lf-vs-crlf-in-request-headers) in an HTTP header, this will cause those clients to receive a `400` error.\n\n### References\n\n* [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma)\n* See our [security policy](https://github.com/puma/puma/security/policy)",
  "id": "GHSA-48w2-rm65-62xx",
  "modified": "2025-05-27T15:16:14Z",
  "published": "2021-10-12T17:53:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41136"
    },
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/puma/puma"
    },
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/releases/tag/v4.3.9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/releases/tag/v5.5.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2021-41136.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-28"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5146"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling"
}

GHSA-49CF-MFFG-JJ22

Vulnerability from github – Published: 2024-09-08 12:32 – Updated: 2024-09-08 12:32
VLAI
Details

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-08T12:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Loway -  CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
  "id": "GHSA-49cf-mffg-jj22",
  "modified": "2024-09-08T12:32:45Z",
  "published": "2024-09-08T12:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42342"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4C5F-9MJ4-M247

Vulnerability from github – Published: 2026-01-05 15:07 – Updated: 2026-01-05 15:07
VLAI
Summary
flagd: Multiple Go Runtime CVEs Impact Security and Availability
Details

Summary

In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.

CVE ID Impacted Package Severity Description & Impact on flagd
CVE-2025-47907 database/sql 7.0 (High) Race Condition: Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations.
CVE-2025-61725 net/mail 7.5 (High) DoS: Inefficient complexity in ParseAddress. Attackers can provide crafted email strings with large domain literals to exhaust CPU if flagd parses email-formatted metadata.
CVE-2025-61723 encoding/pem 7.5 (High) DoS: Quadratic complexity when parsing invalid PEM inputs. Relevant if flagd loads TLS certificates or keys via PEM files from untrusted sources.
CVE-2025-61729 crypto/x509 7.5 (High) Resource Exhaustion: HostnameError.Error() lacks string concatenation limits. A malicious TLS certificate with thousands of hostnames could crash flagd during connection handshakes.
CVE-2025-58188 net/http Medium Request Smuggling: Improper header handling in HTTP/1.1. Could allow attackers to bypass security filters positioned in front of flagd sync or evaluation APIs.
CVE-2025-58187 archive/zip Medium DoS: Improper validation of malformed ZIP archives. Impacts flagd if configured to fetch and unpack zipped configuration bundles from remote providers.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/open-feature/flagd/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/open-feature/flagd/flagd-proxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/open-feature/flagd/flagd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-362",
      "CWE-400",
      "CWE-407",
      "CWE-444",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-05T15:07:05Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nIn 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling. \n\n| CVE ID | Impacted Package | Severity | Description \u0026 Impact on flagd |\n| -- | -- | -- | -- |\n| CVE-2025-47907 | database/sql | 7.0 (High) | Race Condition:  Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations. |\n| CVE-2025-61725 | net/mail | 7.5 (High) | DoS: Inefficient complexity in ParseAddress.  Attackers can provide crafted email strings with large domain literals to exhaust CPU if flagd parses email-formatted metadata. |\n| CVE-2025-61723 | encoding/pem | 7.5 (High) | DoS: Quadratic complexity when parsing invalid PEM inputs. Relevant if flagd loads TLS certificates or keys via PEM files from untrusted sources. |\n| CVE-2025-61729 | crypto/x509 | 7.5 (High) | Resource Exhaustion: HostnameError.Error() lacks string concatenation limits. A malicious TLS certificate with thousands of hostnames could crash flagd during connection handshakes. |\n| CVE-2025-58188 | net/http | Medium | Request Smuggling: Improper header handling in HTTP/1.1. Could allow attackers to bypass security filters positioned in front of flagd sync or evaluation APIs. |\n| CVE-2025-58187 | archive/zip | Medium | DoS:  Improper validation of malformed ZIP archives.  Impacts flagd if configured to fetch and unpack zipped configuration bundles from remote providers. |",
  "id": "GHSA-4c5f-9mj4-m247",
  "modified": "2026-01-05T15:07:46Z",
  "published": "2026-01-05T15:07:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-feature/flagd/security/advisories/GHSA-4c5f-9mj4-m247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-feature/flagd/pull/1840"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-feature/flagd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-feature/flagd/releases/tag/core%2Fv0.13.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "flagd: Multiple Go Runtime CVEs Impact Security and Availability"
}

Mitigation
Implementation

Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].

Mitigation
Implementation

Use only SSL communication.

Mitigation
Implementation

Terminate the client session after each request.

Mitigation
System Configuration

Turn all pages to non-cacheable.

CAPEC-273: HTTP Response Smuggling

An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).

See CanPrecede relationships for possible consequences.

CAPEC-33: HTTP Request Smuggling

An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).

See CanPrecede relationships for possible consequences.