Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
3.9
-
-
3.9
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
BIT-2022-1705
-
BIT-golang-2022-1705
-
3.9
-
-
-
-
-
-
-
-
-
3.9
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-