2024-11-11 00:00:00
mitre
PUBLISHED
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because 0 characters at the end of header names are ignored, i.e., a "Transfer-Encoding0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.