Skip to content

Instantly share code, notes, and snippets.

@anas-cherni

anas-cherni/gist:dd297786750f300a2bab3bb73fee919b

Last active January 20, 2024 11:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save anas-cherni/dd297786750f300a2bab3bb73fee919b to your computer and use it in GitHub Desktop.
Save anas-cherni/dd297786750f300a2bab3bb73fee919b to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2023-50693 - HTTP Request Smuggling in Jester v.0.6.0 and beofre
Raw
gistfile1.txt
> [Suggested description]
> An issue in Jester v.0.6.0 and before allows a remote attacker to
> send a malicious crafted request.
>
> [VulnerabilityType Other]
> HTTP Request Smuggling
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Jester - all versions <= 0.6.0 are affected
>
> ------------------------------------------
>
> [Affected Component]
> request.nim
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> This vulnerability can be chained with XSS and cache poisoning
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, and attacker could craft malicious requests to trick the system, posing security risks like unauthorized access, information disclosure, and bypassing security controls.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/dom96/jester/issues/326
> https://github.com/dom96/jester/pull/327
>
> ------------------------------------------
>
> [Discoverer]
> Anas Cherni (n0s)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment