Sign In

CVE-2022-2880

SOURCE - nist

Summary

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.

EPSS Score: 0.00156 (0.518)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

SOURCE - redhat

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Sources (34)

Impacted images

nist

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-444

CVSS SCORE

7.5high

alpine

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

debian

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

golang

CREATED

UPDATED

SOURCE IDGO-2022-1038
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

alma

CREATED

UPDATED

SOURCE IDALSA-2023:2866
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:0446
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:2780
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:2357
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:0328
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:2204
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:2167
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2023:2784
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2024:0121
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

amazon

CREATED

UPDATED

SOURCE IDALAS-2023-2015
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

amazon

CREATED

UPDATED

SOURCE IDALAS2023-2023-175
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

bitnami

CREATED

UPDATED

SOURCE ID

BIT-2022-2880

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

bitnami

CREATED

UPDATED

SOURCE ID

BIT-golang-2022-2880

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

redhat

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-444

CVSS SCORE

7.5medium

rocky

CREATED

UPDATED

SOURCE IDRLSA-2023:0328
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

rocky

CREATED

UPDATED

SOURCE IDRLSA-2023:0446
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

suse

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

oracle

CREATED

UPDATED

SOURCE IDELSA-2022-24267
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-2866
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-2204
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-2357
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-0328
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-2780
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-2784
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-18908
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-2167
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2023-0446
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2024-0121
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

inthewild

CREATED

UPDATED

SOURCE IDCVE-2022-2880
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE