CVE-2022-1705

ADVISORY - nist

Summary

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

EPSS Score⁠: 0.00046 (0.141)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-444⁠

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

ADVISORY - redhat

CWE-444⁠

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.