HTTP Request Smuggling in Twisted
Critical severity
GitHub Reviewed
Published
Mar 31, 2020
to the GitHub Advisory Database
•
Updated Nov 25, 2024
Description
Published by the National Vulnerability Database
Mar 12, 2020
Reviewed
Mar 31, 2020
Published to the GitHub Advisory Database
Mar 31, 2020
Last updated
Nov 25, 2024
In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
References