You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: crates/pingora-core/RUSTSEC-0000-0000.md
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ unaffected = []
21
21
22
22
Pingora versions prior to 0.5.0 which used the caching functionality in pingora-proxy did not properly drain the downstream request body on cache hits.
23
23
24
-
This allows an attacker to craft malicious requests which could lead to request smuggling or cache poisoning.
24
+
This allows an attacker to craft malicious HTTP/1.1 requests which could lead to request smuggling or cache poisoning.
25
25
26
26
This flaw was corrected in commit fda3317ec822678564d641e7cf1c9b77ee3759ff by ensuring that the downstream request body is always drained before a connection can be reused.
0 commit comments