Closed anas-cherni closed 7 months ago
The library right now expects to be put behind a reverse proxy which will protect against these kinds of issues. There is a lot of hardening required against these types of issues before you can run it on the open internet.
Vulnerability Details: 1) Products: HttpBeast, Jester 2) Tested Version: latest versions 3) Vulnerability: Http 1.1 request smuggling 4) PoC:
5) Impact: It is feasible to surreptitiously introduce a malicious request, leading to a disruption in the user experience. This vulnerability may result in various impacts such as Session Hijacking, Privilege Escalation, cache poisoning, and Denial of Service (DoS). Additionally, Self-XSS has the potential to escalate into a more severe Cross-Site Scripting (XSS) attack. In a broader context, this vulnerability can be interconnected with other vulnerabilities, amplifying their overall severity.