SERVER-90260: Patched Fix Inconsistent Interpretation of HTTP Requests Smuggling #1591

Open
wants to merge 1 commit into
base: master

Commits on Feb 23, 2024

  1. Update Fixed Inconsistent Interpretation of HTTP Requests Smuggling

    ## Description Summary 
    Affected versions of this project `mongodb/mongo` are vulnerable to HTTP Request Smuggling in the `twisted.web.http` module, which performs non-conformant parsing that can lead to desync if requests pass through multiple HTTP parsers. Note: To be vulnerable, applications need to use both Twisted Web's HTTP server/proxy and some other HTTP server/proxy.
    
    ```python
            # The chunk-size ends at the first ";" (start of a chunk extension) or at end of line.
            endOfLengthIndex = self._buffer.find(b";", 0, eolIndex)
            if endOfLengthIndex == -1:
                endOfLengthIndex = eolIndex
            try:
                # Parse the chunk-size as hexadecimal.
                length = int(self._buffer[0:endOfLengthIndex], 16)
            except ValueError:
                raise _MalformedChunkedDataError("Chunk-size must be an integer.")
    
            if length < 0:
                raise _MalformedChunkedDataError("Chunk-size must not be negative.")
            elif length == 0:
    ```
    ```python
            self.assertEqual(
                request.requestHeaders.getRawHeaders(b"spaces"),
                [b"spaces   spaces    spaces"],
            )
            self.assertEqual(
                request.requestHeaders.getRawHeaders(b"tab"),
                [b"t \ta \tb"],
            )
    ```
    ## Impact 
    The specifics of the other HTTP parser matter. The original report notes that some versions of Apache Traffic Server and HAProxy have been vulnerable in the past. HTTP request smuggling may be a serious concern if you use a proxy to perform request validation or access control.
    
    
    CVE-2022-24801
    CWE-444
    **`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`**
    imhunterand committed Feb 23, 2024
    35a22b2
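An added example, not code from this pull request or from Twisted: the `int(..., 16)` call used in the chunk-size snippet of the commit message, set beside a validator that accepts only the RFC 9112 grammar `chunk-size = 1*HEXDIG`. Two parsers that disagree on a chunk-size line disagree on where the body ends. The function names and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 9112 section 7.1: chunk-size = 1*HEXDIG (no sign, no "0x", no whitespace).
_CHUNK_SIZE = re.compile(rb"[0-9A-Fa-f]+")


def lenient_chunk_size(line: bytes) -> int:
    """Same approach as the snippet: cut at ';' and hand the rest to int(x, 16)."""
    end = line.find(b";")
    if end == -1:
        end = len(line)
    length = int(line[:end], 16)  # int() also accepts "+", "0x", "_" and whitespace
    if length < 0:
        raise ValueError("chunk-size must not be negative")
    return length


def strict_chunk_size(line: bytes) -> int:
    """Accept only 1*HEXDIG before an optional ';' chunk extension."""
    end = line.find(b";")
    if end == -1:
        end = len(line)
    size = line[:end]
    if not _CHUNK_SIZE.fullmatch(size):
        raise ValueError(f"chunk-size is not 1*HEXDIG: {size!r}")
    return int(size, 16)


def compare(lines):
    """Return (line, lenient result, strict result); None means rejected."""
    rows = []
    for line in lines:
        results = []
        for parser in (lenient_chunk_size, strict_chunk_size):
            try:
                results.append(parser(line))
            except ValueError:
                results.append(None)
        rows.append((line, results[0], results[1]))
    return rows


# Constructed sample chunk-size lines (CRLF already stripped).
SAMPLES = [b"1f", b"1F;name=value", b"0x1f", b"+1f", b" 1f", b"1_f", b"-1", b"zz"]

if __name__ == "__main__":
    for line, lenient, strict in compare(SAMPLES):
        flag = "DISAGREE" if lenient != strict else "ok"
        print(f"{line!r:20} lenient={lenient!s:5} strict={strict!s:5} {flag}")
```

Every row marked `DISAGREE` is a line a strict front end would refuse while an `int(x, 16)`-based back end would read it as a 31-byte chunk.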