CVE-2020-7655

MEDIUM

netius < 1.17.58 - HTTP Request Smuggling via Transfer-Encoding Header Parsing

Title source: llm
STIX 2.1

Description

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.

References (1)

Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141

Scores

CVSS v3 6.1
EPSS 0.0081
EPSS Percentile 52.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-444
Status published
Products (2)
hive/netius < 1.17.58
pypi/netius 0 - 1.17.58PyPI
Published May 21, 2020
Tracked Since Feb 18, 2026