CVE-2020-7655
First published: Thu May 21 2020(Updated: )
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.
Credit: report@snyk.io report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/netius | <1.17.58 | 1.17.58 |
| Hive Netius | <1.17.58 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-7655?
The severity of CVE-2020-7655 is medium.
How does CVE-2020-7655 impact netius prior to 1.17.58?
CVE-2020-7655 can lead to HTTP Request Smuggling and request smuggling attacks.
What is the affected software for CVE-2020-7655?
The affected software for CVE-2020-7655 is netius prior to 1.17.58.
How can I fix CVE-2020-7655?
To fix CVE-2020-7655, update netius to version 1.17.58 or higher.
Where can I find more information about CVE-2020-7655?
You can find more information about CVE-2020-7655 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-7655), [Snyk](https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141), [GitHub](https://github.com/hivesolutions/netius/commit/9830881ef68328f8ea9c7901db1d11690677e7d1)
- collector/github-advisory-latest
- alias/GHSA-wm2m-xrrp-j74c
- alias/CVE-2020-7655
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- package-manager/pip
- vendor/hive
- canonical/hive netius