CVE-2020-7655
HTTP Request Smuggling in netius
Severity: 6.1 MEDIUM (CVSS 3.1)
EPSS: 0.24%
Description
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. Incorrect parsing of the Transfer-Encoding header might make HTTP pipelining issues and request smuggling attacks possible, which could allow for CL:TE or TE:TE attacks.
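The ambiguity classes named in the description can be rejected before a request reaches a backend. The following is an added example, not netius code or its patch: a strict framing check following RFC 7230 sections 3.2.4 and 3.3.3, where the function name `framing_problems`, the exact-`chunked` policy and the sample request heads are assumptions constructed for illustration.

```python
# Added example: strict HTTP/1.1 request-framing check (RFC 7230 3.2.4, 3.3.3).
# Not netius code; names and sample request heads are constructed.

def framing_problems(raw: bytes) -> list:
    """Return reasons the request head has ambiguous body framing ([] = OK)."""
    problems, te_values, cl_values = [], [], []
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            problems.append("header line without colon")
            continue
        # Whitespace before the colon or leading the line lets two parsers
        # disagree on whether the header exists at all.
        if not name or name != name.strip():
            problems.append("whitespace around header name")
        key = name.strip().lower()
        if key == b"transfer-encoding":
            te_values.append(value.strip(b" \t"))
        elif key == b"content-length":
            cl_values.append(value.strip(b" \t"))
    if te_values and cl_values:
        problems.append("both Content-Length and Transfer-Encoding (CL:TE)")
    if len(te_values) > 1:
        problems.append("multiple Transfer-Encoding headers (TE:TE)")
    # Strict policy (assumption): the only accepted value is exactly "chunked".
    if any(v.lower() != b"chunked" for v in te_values):
        problems.append("unexpected Transfer-Encoding value")
    if len(set(cl_values)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cl_values):
        problems.append("non-numeric Content-Length")
    return problems

HEAD = b"POST / HTTP/1.1\r\nHost: example.test\r\n"   # constructed samples
SAMPLES = {
    "plain_cl": HEAD + b"Content-Length: 5\r\n\r\n",
    "plain_te": HEAD + b"Transfer-Encoding: chunked\r\n\r\n",
    "cl_and_te": HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    "dup_te": HEAD + b"Transfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\n\r\n",
    "odd_te": HEAD + b"Transfer-Encoding: xchunked\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", framing_problems(raw) or "ok")
```

A front end that rejects every request for which this returns a non-empty list forwards only requests whose body length every compliant parser reads the same way.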
How to fix CVE-2020-7655
To remediate CVE-2020-7655, upgrade the affected package to one of the fixed versions listed below.
- PyPI/netius—upgrade to 1.17.58 or later
- —upgrade to 1.17.58 or later
Is CVE-2020-7655 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.17.58
- from 0, < 1.17.58
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |