Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in