First published: Thu May 21 2020(Updated: )
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.
Credit: report@snyk.io report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
pip/netius | <1.17.58 | 1.17.58 |
Hive Netius | <1.17.58 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-7655 is medium.
CVE-2020-7655 can lead to HTTP Request Smuggling and request smuggling attacks.
The affected software for CVE-2020-7655 is netius prior to 1.17.58.
To fix CVE-2020-7655, update netius to version 1.17.58 or higher.
You can find more information about CVE-2020-7655 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-7655), [Snyk](https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141), [GitHub](https://github.com/hivesolutions/netius/commit/9830881ef68328f8ea9c7901db1d11690677e7d1)