CVE-2020-5207

Summary

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

Affected Software

VendorProductVersion RangeStatus
Ktor.ioKtor< 1.3.0affected

Weaknesses

  • CWE-444: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

ADP Enrichment

CVE Program Container

Additional References

References