Last active
January 20, 2024 11:21
-
-
Save anas-cherni/dd297786750f300a2bab3bb73fee919b to your computer and use it in GitHub Desktop.
CVE-2023-50693 - HTTP Request Smuggling in Jester v.0.6.0 and beofre
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
> [Suggested description] | |
> An issue in Jester v.0.6.0 and before allows a remote attacker to | |
> send a malicious crafted request. | |
> | |
> [VulnerabilityType Other] | |
> HTTP Request Smuggling | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Product Code Base] | |
> Jester - all versions <= 0.6.0 are affected | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Component] | |
> request.nim | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Type] | |
> Remote | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Denial of Service] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Escalation of Privileges] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Information Disclosure] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [CVE Impact Other] | |
> This vulnerability can be chained with XSS and cache poisoning | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Vectors] | |
> To exploit this vulnerability, and attacker could craft malicious requests to trick the system, posing security risks like unauthorized access, information disclosure, and bypassing security controls. | |
> | |
> ------------------------------------------ | |
> | |
> [Reference] | |
> https://github.com/dom96/jester/issues/326 | |
> https://github.com/dom96/jester/pull/327 | |
> | |
> ------------------------------------------ | |
> | |
> [Discoverer] | |
> Anas Cherni (n0s) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment