- Issued
-
- Package
-
tiny_http
(crates.io)
- Type
-
Vulnerability
- Aliases
-
- Details
-
https://github.com/tiny-http/tiny-http/issues/173
- Patched
-
- Keywords
-
Description
HTTP pipelining issues and request smuggling attacks are possible due to incorrect
Transfer encoding header parsing.
It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
from requests other than their own.
More