Request smuggling is possible when both chunked TE and content length specified

Low severity GitHub Reviewed Published Jan 27, 2020 in ktorio/ktor • Updated Jan 9, 2023

Package: io.ktor:ktor-client-cio (Maven)
Affected versions: < 1.3.0
Patched versions: 1.3.0

Package: io.ktor:ktor-server-cio (Maven)
Affected versions: < 1.3.0
Patched versions: 1.3.0

Description

Impact

Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly, or that doesn't handle a lone \n as a header separator.
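
A defensive check for the two conditions named above, as an added example (not code from Ktor or from this advisory): it inspects the raw head of an HTTP/1.1 request and reports a Content-Length plus Transfer-Encoding pair and bare \n line endings. The function names, issue labels and sample requests are constructed for illustration.

```python
import re

# Header names whose combination makes message framing ambiguous
# (RFC 7230 section 3.3.3: Transfer-Encoding overrides Content-Length,
# and such a message ought to be handled as an error).
CL, TE = b"content-length", b"transfer-encoding"

def split_head(raw: bytes) -> bytes:
    """Return request line + headers, including the terminating empty line.

    The empty line is recognised with CRLF or bare LF endings, because a
    lenient parser may accept either form.
    """
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw[: m.end()] if m else raw

def framing_issues(raw: bytes) -> list[str]:
    """List framing ambiguities found in the head of a raw request."""
    head = split_head(raw)
    issues = []
    # A front end that splits only on CRLF and a back end that also accepts
    # LF will see different header lists for the same bytes.
    if re.search(rb"(?<!\r)\n", head):
        issues.append("bare-lf")
    # Parse leniently (split on CRLF or LF) so headers are seen the way the
    # most permissive hop would see them.
    names = []
    for line in re.split(rb"\r?\n", head)[1:]:
        name, sep, _ = line.partition(b":")
        if sep:
            names.append(name.strip().lower())
    if CL in names and TE in names:
        issues.append("cl-and-te")
    return issues

# Constructed sample requests (not captured traffic).
CLEAN = b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nabc"
BOTH = (b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
BARE_LF = b"POST /a HTTP/1.1\r\nHost: example.test\nContent-Length: 3\r\n\r\nabc"

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("both", BOTH), ("bare-lf", BARE_LF)):
        print(label, framing_issues(req))
```

Requests that return a non-empty list are candidates for rejection with a 400 response at the edge, so that every hop sees the same message boundaries.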

Patches

ktorio/ktor#1547

Workarounds

None except migrating to a better proxy.

References

https://portswigger.net/web-security/request-smuggling
https://tools.ietf.org/html/rfc7230#section-9.5

@cy6erGn0m published to ktorio/ktor Jan 27, 2020
Reviewed Jan 27, 2020
Published to the GitHub Advisory Database Jan 27, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(34th percentile)

Weaknesses

CVE ID

CVE-2020-5207

GHSA ID

GHSA-xrr9-rh8p-433v

Source code

No known source code