CVE-2020-7655: HTTP Request Smuggling in netius
Versions of netius prior to 1.17.58 are vulnerable to HTTP Request Smuggling. Incorrect parsing of the Transfer-Encoding header might make HTTP pipelining issues and request smuggling possible, which could allow CL:TE or TE:TE attacks.
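As an added illustration (not netius code and not the fix from the referenced commit), the following sketch shows the kind of strict framing check a front end or test harness can apply to reject the ambiguous header combinations that CL:TE and TE:TE desynchronization depends on. The function name `framing_problems`, the strict "only `chunked`" policy and the sample requests are assumptions constructed for this example.

```python
import re

# Header field-name token characters per RFC 7230 (no spaces or control chars).
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def framing_problems(raw_head: bytes) -> list:
    """Return the reasons a request header block has ambiguous body framing."""
    problems, lengths, codings = [], [], []
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t"):
            problems.append("obsolete line folding")
            continue
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.fullmatch(name):
            # Catches variants such as "Transfer-Encoding : chunked".
            problems.append("malformed header name: %r" % name)
            continue
        value = value.strip(" \t")
        if name.lower() == "content-length":
            lengths.append(value)
        elif name.lower() == "transfer-encoding":
            codings.extend(v.strip(" \t").lower() for v in value.split(","))
    if lengths and codings:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(set(lengths)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not re.fullmatch(r"[0-9]+", v) for v in lengths):
        problems.append("non-numeric Content-Length")
    if codings and codings != ["chunked"]:
        # Strict policy assumed here: one coding only, spelled exactly.
        problems.append("Transfer-Encoding is not exactly 'chunked'")
    return problems

# Constructed sample header blocks (not captured traffic).
_BASE = b"POST / HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "clean_chunked": _BASE + b"Transfer-Encoding: chunked\r\n\r\n",
    "cl_and_te": _BASE + b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n",
    "space_before_colon": _BASE + b"Transfer-Encoding : chunked\r\n\r\n",
    "two_te_headers": _BASE + b"Transfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\n\r\n",
    "two_lengths": _BASE + b"Content-Length: 4\r\nContent-Length: 5\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, "->", framing_problems(head) or "ok")
```

A request that returns any problem should be rejected with a 400 rather than forwarded, so that no two hops can disagree about where its body ends.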
References
- github.com/advisories/GHSA-wm2m-xrrp-j74c
- github.com/hivesolutions/netius
- github.com/hivesolutions/netius/commit/9830881ef68328f8ea9c7901db1d11690677e7d1
- github.com/pypa/advisory-database/tree/main/vulns/netius/PYSEC-2020-242.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-7655
- snyk.io/vuln/SNYK-PYTHON-NETIUS-569141