Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
h11 accepts some malformed Chunked-Encoding bodies
Vulnerability Description
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
h11 环境问题漏洞
Vulnerability Description
h11是Nathaniel J. Smith个人开发者的一个用Python从头编写的小型HTTP/1.1库。 h11 0.16.0之前版本存在环境问题漏洞,该漏洞源于行终止符解析不当,可能导致请求夹带攻击。
CVSS Information
N/A
Vulnerability Type
N/A