Skip to content

Request smuggling is possible when both chunked TE and content length specified

Low severity GitHub Reviewed Published Jan 27, 2020 in ktorio/ktor • Updated Jan 9, 2023

Package

maven io.ktor:ktor-client-cio (Maven)

Affected versions

< 1.3.0

Patched versions

1.3.0
maven io.ktor:ktor-server-cio (Maven)
< 1.3.0
1.3.0

Description

Impact

Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle alone \n as a headers separator.

Patches

ktorio/ktor#1547

Workarounds

None except migrating to a better proxy.

References

https://portswigger.net/web-security/request-smuggling
https://tools.ietf.org/html/rfc7230#section-9.5

References

@cy6erGn0m cy6erGn0m published to ktorio/ktor Jan 27, 2020
Reviewed Jan 27, 2020
Published to the GitHub Advisory Database Jan 27, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

0.071%
(33rd percentile)

Weaknesses

CVE ID

CVE-2020-5207

GHSA ID

GHSA-xrr9-rh8p-433v

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.