The manipulation leads to denial of service. Affected by this issue is some unknown functionality of the component Connection Handler. Apply this patch: A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Upgrade bRPC to version 1.8.0, which fixes this issue. Solution: You can choose one solution from below: 1. in that case an attacker can smuggle a request into the connection to the backend server. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Configured cipher suites are not respected either. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. Users unable to upgrade should make sure to always consume the incoming body. Dex is an identity service that uses OpenID Connect to drive authentication for other apps. This issue has been addressed in version 6.6.1. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. Undici is an HTTP/1.1 client, written from scratch for Node.js. There are no known workarounds for this vulnerability. This issue has been patched in versions 5.28.3 and 6.6.1.
Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers.