CVE-2020-7655 – netius

Package

Manager: pip
Name: netius
Vulnerable Version: >=0 <1.17.58

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00238 pctl0.46935

Details

HTTP Request Smuggling in netius netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.

Metadata

Created: 2021-06-18T18:31:40Z
Modified: 2024-10-07T15:08:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-wm2m-xrrp-j74c/GHSA-wm2m-xrrp-j74c.json
CWE IDs: ["CWE-444"]
Alternative ID: GHSA-wm2m-xrrp-j74c
Finding: F110
Auto approve: 1