Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Remediation
References
Related Vulnerabilities
Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)
ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)
WordPress Plugin Contact Form 7 Database Multiple Vulnerabilities (1.1)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31546)