Common Weakness Enumeration

CWE-444

Allowed

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Abstraction: Base · Status: Incomplete

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

551 vulnerabilities reference this CWE, most recent first.

GHSA-8VHQ-594P-R648

Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04
VLAI
Details

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-5740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-18T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.",
  "id": "GHSA-8vhq-594p-r648",
  "modified": "2022-05-14T01:04:30Z",
  "published": "2022-05-14T01:04:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5740"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q3/237"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q3/292"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q3/294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8VP7-J5CJ-VVM2

Vulnerability from github – Published: 2020-01-31 18:00 – Updated: 2024-02-07 18:42
VLAI
Summary
Ability to expose data in Sylius by using an unintended serialisation group
Details

Impact

ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API.

Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2.

Patches

The patch is provided for ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.

After it is applied, It allows to choose only the groups that are defined in serialization_groups or allowed_serialization_groups route definition. Any group not defined in those will not be used.

This behaviour might be a BC break for those using custom groups via the HTTP header, please adjust allowed_serialization_groups accordingly.

Workarounds

Service sylius.resource_controller.request_configuration_factory can be overridden with an implementation copied from \Sylius\Bundle\ResourceBundle\Controller\RequestConfigurationFactory where the part that handles custom serialisation groups is deleted.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/resource-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/resource-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.0"
            },
            {
              "fixed": "1.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/resource-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/resource-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.3.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-01-27T20:11:32Z",
    "nvd_published_at": "2020-01-27T21:15:11Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API.\n\nAnyone exposing an API with ResourceBundle\u0027s controller is affected. The vulnerable versions are: `\u003c1.3 || \u003e=1.3.0 \u003c=1.3.12 || \u003e=1.4.0 \u003c=1.4.5 || \u003e=1.5.0 \u003c=1.5.0 || \u003e=1.6.0 \u003c=1.6.2`.\n\n### Patches\n\nThe patch is provided for ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.\n\nAfter it is applied, It allows to choose only the groups that are defined in `serialization_groups` or `allowed_serialization_groups` route definition. Any group not defined in those will not be used.\n\nThis behaviour might be a BC break for those using custom groups via the HTTP header, please adjust `allowed_serialization_groups` accordingly.\n\n### Workarounds\n\nService `sylius.resource_controller.request_configuration_factory` can be overridden with an implementation copied from `\\Sylius\\Bundle\\ResourceBundle\\Controller\\RequestConfigurationFactory` where the part that handles custom serialisation groups is deleted.",
  "id": "GHSA-8vp7-j5cj-vvm2",
  "modified": "2024-02-07T18:42:55Z",
  "published": "2020-01-31T18:00:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5220"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-5220.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ability to expose data in Sylius by using an unintended serialisation group"
}

GHSA-8VXJ-GX32-J925

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-14T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.",
  "id": "GHSA-8vxj-gx32-j925",
  "modified": "2022-05-24T19:07:57Z",
  "published": "2022-05-24T19:07:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36740"
    },
    {
      "type": "WEB",
      "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be"
    },
    {
      "type": "WEB",
      "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf"
    },
    {
      "type": "WEB",
      "url": "https://docs.varnish-software.com/security/VSV00007"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK"
    },
    {
      "type": "WEB",
      "url": "https://varnish-cache.org/security/VSV00007.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5088"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9298-4CF8-G4WJ

Vulnerability from github – Published: 2024-10-29 14:45 – Updated: 2025-01-21 17:53
VLAI
Summary
Waitress has request processing race condition in HTTP pipelining with invalid first request
Details

Impact

A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining.

When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection.

However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed.

Patches

Waitress 3.0.1 fixes the race condition.

Workarounds

Disable channel_request_lookahead, this is set to 0 by default disabling this feature. For this vulnerability this value is required to be changed from the default.

For more information

If you have any questions or comments about this advisory: * Open an issue in https://github.com/Pylons/waitress/issues (if not sensitive or security related) * email the Pylons Security mailing list: pylons-project-security@googlegroups.com (if security related)

Thanks

  • m4yfly and urn1ce From TianGong Team of Legendsec at Qi'anxin Group.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "waitress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-49768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367",
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-29T14:45:03Z",
    "nvd_published_at": "2024-10-29T15:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nA remote client may send a request that is exactly `recv_bytes` (defaults to 8192) long, followed by a secondary request using HTTP pipelining.\n\nWhen request lookahead is disabled (default) we won\u0027t read any more requests, and when the first request fails due to a parsing error, we simply close the connection.\n\nHowever when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed.\n\n### Patches\n\nWaitress 3.0.1 fixes the race condition.\n\n### Workarounds\n\nDisable  `channel_request_lookahead`, this is set to `0` by default disabling this feature. For this vulnerability this value is required to be changed from the default.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/Pylons/waitress/issues (if not sensitive or security related)\n* email the Pylons Security mailing list: [pylons-project-security@googlegroups.com](mailto:pylons-project-security@googlegroups.com) (if security related)\n\n### Thanks\n\n- m4yfly and urn1ce From TianGong Team of Legendsec at Qi\u0027anxin Group.",
  "id": "GHSA-9298-4cf8-g4wj",
  "modified": "2025-01-21T17:53:26Z",
  "published": "2024-10-29T14:45:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49768"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Pylons/waitress"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2024-210.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Waitress has request processing race condition in HTTP pipelining with invalid first request"
}

GHSA-92GR-8FH9-J8VQ

Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04
VLAI
Details

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-5739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-18T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by \"Content Length\" instead of \"Content-Length.\"",
  "id": "GHSA-92gr-8fh9-j8vq",
  "modified": "2022-05-14T01:04:20Z",
  "published": "2022-05-14T01:04:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5739"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q3/237"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q3/292"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q3/294"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76281"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-92X4-7936-WW96

Vulnerability from github – Published: 2026-07-08 18:31 – Updated: 2026-07-10 18:32
VLAI
Details

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T17:17:19Z",
    "severity": "MODERATE"
  },
  "details": "OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy",
  "id": "GHSA-92x4-7936-ww96",
  "modified": "2026-07-10T18:32:04Z",
  "published": "2026-07-08T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3110"
    },
    {
      "type": "WEB",
      "url": "https://openvpn.net/as-docs/as-3-2-release-notes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-93C7-7XQW-W357

Vulnerability from github – Published: 2025-06-20 18:07 – Updated: 2025-06-20 18:07
VLAI
Summary
Pingora has a Request Smuggling Vulnerability
Details

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.

Fixed in

https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff

Impact

The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pingora-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-4366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-20T18:07:47Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.\n\n### Fixed in\nhttps://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff \n\n### Impact\nThe issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.",
  "id": "GHSA-93c7-7xqw-w357",
  "modified": "2025-06-20T18:07:47Z",
  "published": "2025-06-20T18:07:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/pingora/security/advisories/GHSA-93c7-7xqw-w357"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4366"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff"
    },
    {
      "type": "WEB",
      "url": "https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/pingora"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0037.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Pingora has a Request Smuggling Vulnerability"
}

GHSA-94F4-HR76-P5J6

Vulnerability from github – Published: 2026-06-16 17:36 – Updated: 2026-06-16 17:36
VLAI
Summary
vLLM: OpenAI auth bypass
Details

Summary

A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLM_API_KEY or --api-key.

Details

In https://github.com/vllm-project/vllm/blob/v0.14.0/vllm/entrypoints/openai/api_server.py#L689-L692 the url_path is taken from the URL, which is reconstructed by starlette based on the request scope.

from starlette.datastructures import URL, Headers, MutableHeaders, State

# ...

url_path = URL(scope=scope).path.removeprefix(root_path)
headers = Headers(scope=scope)
if url_path.startswith("/v1") and not self.verify_token(headers):
    response = JSONResponse(content={"error": "Unauthorized"}, status_code=401)
    return response(scope, receive, send)
return self.app(scope, receive, send)

The request scope includes the request's Host: header and reconstructs the URL as shown below:

f"{scheme}://{host_header}{path}"

Neither starlette nor any of the ASGI servers (including uvicorn, which vllm uses) properly filter the Host: header for invalid characters. This allows an attacker to include special URL characters such as / or ? in the Host: header and thereby control the reconstructed URL and it's .path attribute.

FastAPI/starlette's routing uses the HTTP path and does not depend on the parsed url.path attribute, allowing attackers to reach an endpoint via a certain path while providing a different value in the .path.

Impact

  • Instances of vllm that use an API Key for the OpenAI API and expose the API to attackers.
  • Instances behind an RFC-conforming web server (such as nginx) are not affected.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.0"
            },
            {
              "fixed": "0.22.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T17:36:41Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nA vulnerability in ASGI web servers and starlette\u0027s trust on those web servers enables an authentication bypass of the OpenAI API `AuthenticationMiddleware`, which was discovered during @x41sec\u0027s source code audit.\nIt allows to use the API without providing the configured `VLLM_API_KEY` or `--api-key`.\n\n### Details\n\nIn https://github.com/vllm-project/vllm/blob/v0.14.0/vllm/entrypoints/openai/api_server.py#L689-L692 the `url_path` is taken from the `URL`, which is reconstructed by _starlette_ based on the request `scope`.\n\n```py\nfrom starlette.datastructures import URL, Headers, MutableHeaders, State\n\n# ...\n\nurl_path = URL(scope=scope).path.removeprefix(root_path)\nheaders = Headers(scope=scope)\nif url_path.startswith(\"/v1\") and not self.verify_token(headers):\n    response = JSONResponse(content={\"error\": \"Unauthorized\"}, status_code=401)\n    return response(scope, receive, send)\nreturn self.app(scope, receive, send)\n```\n\nThe request `scope` includes the request\u0027s `Host:` header and reconstructs the URL as shown below:\n\n```py\nf\"{scheme}://{host_header}{path}\"\n```\n\nNeither starlette nor [any of the ASGI servers](https://asgi.readthedocs.io/en/latest/implementations.html#servers) (including uvicorn, which vllm uses) properly filter the `Host:` header for invalid characters. This allows an attacker to include special URL characters such as `/` or `?` in the `Host:` header and thereby control the reconstructed URL and it\u0027s `.path` attribute.\n\nFastAPI/starlette\u0027s routing uses the HTTP path and does not depend on the parsed url.path attribute, allowing attackers to reach an endpoint via a certain path while providing a different value in the `.path`.\n\n### Impact\n- Instances of vllm that use an API Key for the OpenAI API and expose the API to attackers.\n- Instances behind an RFC-conforming web server (such as nginx) are **not** affected.",
  "id": "GHSA-94f4-hr76-p5j6",
  "modified": "2026-06-16T17:36:41Z",
  "published": "2026-06-16T17:36:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/pull/43426"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    },
    {
      "type": "WEB",
      "url": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vLLM: OpenAI auth bypass"
}

GHSA-9548-QRRJ-X5PJ

Vulnerability from github – Published: 2025-07-14 19:33 – Updated: 2025-07-15 00:34
VLAI
Summary
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
Details

Summary

The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request.

Impact

If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.


Patch: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aiohttp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-14T19:33:31Z",
    "nvd_published_at": "2025-07-14T21:15:27Z",
    "severity": "LOW"
  },
  "details": "### Summary\nThe Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a",
  "id": "GHSA-9548-qrrj-x5pj",
  "modified": "2025-07-15T00:34:20Z",
  "published": "2025-07-14T19:33:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aio-libs/aiohttp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": " AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections"
}

GHSA-9667-7P67-2364

Vulnerability from github – Published: 2026-06-17 21:34 – Updated: 2026-06-17 21:34
VLAI
Details

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-54387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T20:17:27Z",
    "severity": "CRITICAL"
  },
  "details": "Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking.",
  "id": "GHSA-9667-7p67-2364",
  "modified": "2026-06-17T21:34:39Z",
  "published": "2026-06-17T21:34:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54387"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tinyproxy/tinyproxy/issues/609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tinyproxy/tinyproxy/pull/610"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tinyproxy/tinyproxy/commit/ff45d3bf0e61d0f8ed97ab379d3047f04eb67521"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-cl-te-desynchronization"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].

Mitigation
Implementation

Use only SSL communication.

Mitigation
Implementation

Terminate the client session after each request.

Mitigation
System Configuration

Turn all pages to non-cacheable.

CAPEC-273: HTTP Response Smuggling

An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).

See CanPrecede relationships for possible consequences.

CAPEC-33: HTTP Request Smuggling

An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).

See CanPrecede relationships for possible consequences.