Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-23 | CVE-2021-20220 | Http Request Smuggling vulnerability in Redhat Undertow 1.0.0 A flaw was found in Undertow. | 5.8 |
2021-02-17 | CVE-2021-23339 | Http Request Smuggling vulnerability in Lightbend Akka-Http This affects all versions of package com.typesafe.akka:akka-http-core. | 6.4 |
2021-02-15 | CVE-2021-23336 | Http Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. | 4.0 |
2021-02-11 | CVE-2021-21299 | Http Request Smuggling vulnerability in Hyper hyper is an open-source HTTP library for Rust (crates.io). | 6.8 |
2021-02-06 | CVE-2021-22293 | Http Request Smuggling vulnerability in Huawei Campusinsight, Manageone and Taurus-Al00A Firmware Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. | 5.0 |
2021-02-03 | CVE-2021-25762 | Http Request Smuggling vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | 5.0 |
2021-01-20 | CVE-2020-28483 | Http Request Smuggling vulnerability in Gin-Gonic GIN This affects all versions of package github.com/gin-gonic/gin. | 5.8 |
2021-01-18 | CVE-2020-28476 | Http Request Smuggling vulnerability in Tornadoweb Tornado All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. | 5.8 |
2021-01-18 | CVE-2020-28473 | Http Request Smuggling vulnerability in multiple products The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. | 5.8 |
2021-01-12 | CVE-2021-21445 | Http Request Smuggling vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. | 3.5 |