How severe is CVE-2020-5207?

CVE-2020-5207 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2020-5207

Name: ktor
Author: jetbrains

5.4MEDIUM

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

Опубликовано: 1/27/2020Обновлено: 11/21/2024

Описание

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

ИИ-АнализНа базе ИИ

Затронутые продукты

jetbrainsktor

Ссылки

https://github.com/ktorio/ktor/pull/1547
PatchThird Party Advisory
https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v
Third Party Advisory
https://github.com/ktorio/ktor/pull/1547
PatchThird Party Advisory
https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v
Third Party Advisory