Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-01-20 | CVE-2020-28483 | HTTP Request Smuggling vulnerability in Gin-Gonic GIN | This affects all versions of package github.com/gin-gonic/gin. | 5.8 |
2021-01-18 | CVE-2020-28473 | HTTP Request Smuggling vulnerability in multiple products | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. | 5.8 |
2021-01-12 | CVE-2021-21445 | HTTP Request Smuggling vulnerability in SAP Commerce Cloud | SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. | 3.5 |
2021-01-11 | CVE-2020-17509 | HTTP Request Smuggling vulnerability in Apache Traffic Server | ATS negative cache option is vulnerable to a cache poisoning attack. | 4.3 |
2021-01-07 | CVE-2020-4896 | HTTP Request Smuggling vulnerability in IBM Emptoris Sourcing 10.1.0.0 | IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. | 6.4 |
2021-01-06 | CVE-2020-8287 | HTTP Request Smuggling vulnerability in multiple products | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.5 |
2020-12-31 | CVE-2020-35884 | HTTP Request Smuggling vulnerability in multiple products | An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. | 6.5 |
2020-12-21 | CVE-2020-26281 | HTTP Request Smuggling vulnerability in Rust-Lang Async-H1 | async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). | 5.8 |
2020-11-18 | CVE-2020-28361 | HTTP Request Smuggling vulnerability in Kamailio | Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. | 5.5 |
2020-11-16 | CVE-2020-26129 | HTTP Request Smuggling vulnerability in Jetbrains Ktor | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | 6.4 |