Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-20220 Http Request Smuggling vulnerability in Redhat Undertow 1.0.0
A flaw was found in Undertow.
network
redhat CWE-444
5.8
2021-02-17 CVE-2021-23339 Http Request Smuggling vulnerability in Lightbend Akka-Http
This affects all versions of package com.typesafe.akka:akka-http-core.
network
low complexity
lightbend CWE-444
6.4
2021-02-15 CVE-2021-23336 Http Request Smuggling vulnerability in multiple products
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.
network
high complexity
python debian fedoraproject CWE-444
4.0
2021-02-11 CVE-2021-21299 Http Request Smuggling vulnerability in Hyper
hyper is an open-source HTTP library for Rust (crates.io).
network
hyper CWE-444
6.8
2021-02-06 CVE-2021-22293 Http Request Smuggling vulnerability in Huawei Campusinsight, Manageone and Taurus-Al00A Firmware
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability.
network
low complexity
huawei CWE-444
5.0
2021-02-03 CVE-2021-25762 Http Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
network
low complexity
jetbrains CWE-444
5.0
2021-01-20 CVE-2020-28483 Http Request Smuggling vulnerability in Gin-Gonic GIN
This affects all versions of package github.com/gin-gonic/gin.
network
gin-gonic CWE-444
5.8
2021-01-18 CVE-2020-28476 Http Request Smuggling vulnerability in Tornadoweb Tornado
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking.
5.8
2021-01-18 CVE-2020-28473 Http Request Smuggling vulnerability in multiple products
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking.
5.8
2021-01-12 CVE-2021-21445 Http Request Smuggling vulnerability in SAP Commerce Cloud
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user.
network
sap CWE-444
3.5