Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
h3 v1 has Request Smuggling (TE.TE) issue
Vulnerability Description
H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. This vulnerability is fixed in 1.15.5.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
H3 环境问题漏洞
Vulnerability Description
H3是H3开源的一个HTTP框架。 H3 1.15.5之前版本存在环境问题漏洞,该漏洞源于Transfer-Encoding标头检查严格区分大小写,可能导致HTTP请求夹带攻击。
CVSS Information
N/A
Vulnerability Type
N/A