Home
MEDIUM: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:NDefault status
unaffected
4.0.0 (semver)
affected
5.0.0 (semver) before 5.0.2
affected
Description
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.
Problem types
CWE-444: Inconsistent Interpretation of HTTP Requests
Product status
4.0.0 (semver)
5.0.0 (semver) before 5.0.2
Credits
Sebastiano Sartor
References
gitlab.eclipse.org/security/cve-assignment/-/work_items/129