CVE-2020-7670 – agoo
Package
Manager: gem
Name: agoo
Vulnerable Version: <0
Severity
Level: Medium
CVSS v3.1: N/A
CVSS v4.0: N/A
EPSS: 0.00289 (percentile 0.51959)
Details
Withdrawn: HTTP Request Smuggling in Agoo

# Withdrawn reason
Withdrawn on 1/13/2021 due to [this comment from the maintainer](https://github.com/ohler55/agoo/issues/88#issuecomment-723580783). This is no longer considered a vulnerability.

# Original description
agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for TE:CL smuggling attacks.
Metadata
Created: 2020-10-20T19:15:38Z
Modified: 2021-01-13T19:25:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-h385-52j6-9984/GHSA-h385-52j6-9984.json
CWE IDs: ["CWE-444"]
Alternative ID: GHSA-h385-52j6-9984
Finding: N/A
Auto approve: 0