You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Request smuggling is possible when both chunked TE and content length specified
Low severity
GitHub Reviewed
Published
Jan 27, 2020
in
ktorio/ktor
•
Updated Jan 9, 2023
Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle alone \n as a headers separator.
Impact
Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle alone \n as a headers separator.
Patches
ktorio/ktor#1547
Workarounds
None except migrating to a better proxy.
References
https://portswigger.net/web-security/request-smuggling
https://tools.ietf.org/html/rfc7230#section-9.5
References