Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
goliath 环境问题漏洞
Vulnerability Description
goliath是一款用于编写API服务器的异步框架。 goliath 1.0.6及之前版本中存在安全漏洞。攻击者可通过发送两次Content-Length标头利用该漏洞进行HTTP请求走私攻击。
CVSS Information
N/A
Vulnerability Type
N/A