← voltar
CVE-2020-7670

CVE-2020-7670

EPSS 1.2%
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing.
Produtos afetados
n/a · agoo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130https://github.com/ohler55/agoo/issues/88https://snyk.io/vuln/SNYK-RUBY-AGOO-569137