CVE-2020-13943: HTTP Request Smuggling
If an HTTP/2 client connecting to Apache Tomcat to M1 to to exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
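The precondition described above, a client opening more streams than the server's advertised limit, can be detected from a frame trace. The following is an added example, not code from Apache Tomcat or from this advisory: it parses HTTP/2 frame headers, tracks the server's SETTINGS_MAX_CONCURRENT_STREAMS value, and reports the client streams opened beyond it. The function names, the "C"/"S" sender labels and the trace are constructed for illustration.

```python
import struct

DATA, HEADERS, RST_STREAM, SETTINGS = 0x0, 0x1, 0x3, 0x4   # frame types
END_STREAM = ACK = 0x1                                      # flag bits
MAX_CONCURRENT_STREAMS = 0x3                                # SETTINGS identifier

def frame(ftype, flags, sid, payload=b""):
    """Build a frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", sid & 0x7FFFFFFF) + payload)

def parse(raw):
    length = int.from_bytes(raw[:3], "big")
    sid = int.from_bytes(raw[5:9], "big") & 0x7FFFFFFF
    return raw[3], raw[4], sid, raw[9:9 + length]

def audit(trace):
    """Return ids of streams the client opened beyond the server's limit."""
    limit, last_sid = None, 0   # no limit until the server advertises one
    active = {}                 # open/half-closed stream -> sides that ended it
    violations = []
    for sender, raw in trace:   # sender: "C" (client) or "S" (server)
        ftype, flags, sid, payload = parse(raw)
        if ftype == SETTINGS and sender == "S" and not flags & ACK:
            for i in range(0, len(payload) - 5, 6):
                ident, value = struct.unpack(">HI", payload[i:i + 6])
                if ident == MAX_CONCURRENT_STREAMS:
                    limit = value
        elif ftype == RST_STREAM:
            active.pop(sid, None)             # reset closes the stream at once
        elif ftype in (HEADERS, DATA):
            if ftype == HEADERS and sender == "C" and sid > last_sid:
                last_sid = sid                # client stream ids only increase
                if limit is not None and len(active) >= limit:
                    violations.append(sid)    # RFC 7540 5.1.2: refuse stream
                    continue
                active[sid] = set()
            if flags & END_STREAM and sid in active:
                active[sid].add(sender)
                if active[sid] == {"C", "S"}: # both directions finished
                    del active[sid]
    return violations

def sample_trace():
    """Constructed trace: server allows 2 streams, client tries 5 in total."""
    req = lambda sid: ("C", frame(HEADERS, 0x5, sid))  # END_STREAM|END_HEADERS
    limit = struct.pack(">HI", MAX_CONCURRENT_STREAMS, 2)
    return [("S", frame(SETTINGS, 0, 0, limit)), req(1), req(3), req(5),
            ("S", frame(HEADERS, 0x5, 1)), req(7), req(9)]
```

`audit(sample_trace())` returns `[5, 9]`: streams 5 and 9 were opened while two earlier streams were still open or half-closed. A server that receives such a HEADERS frame is required by RFC 7540 section 5.1.2 to treat it as a stream error (PROTOCOL_ERROR or REFUSED_STREAM).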