Ben Kallus

Results 129 issues of Ben Kallus

❓ **I'm submitting a ...** - [X] 🐞 bug report - [ ] 🐣 feature request - [ ] ❓ question about the decisions made in the repository 🐞 **Describe...

bug

❓ **I'm submitting a ...** - [X] 🐞 bug report - [ ] 🐣 feature request - [ ] ❓ question about the decisions made in the repository 🐞 **Describe...

bug
triage

❓ **I'm submitting a ...** - [X] 🐞 bug report - [ ] 🐣 feature request - [ ] ❓ question about the decisions made in the repository 🐞 **Describe...

bug
triage

❓ **I'm submitting a ...** - [X] 🐞 bug report - [ ] 🐣 feature request - [ ] ❓ question about the decisions made in the repository 🐞 **Describe...

bug
reproducer: present
triage

❓ **I'm submitting a ...** - [X] 🐞 bug report - [ ] 🐣 feature request - [ ] ❓ question about the decisions made in the repository 🐞 **Describe...

bug
reproducer: present
triage

When OLS receives a message with an unrecognized `Transfer-Encoding` value, it is ignored. This is dangerous because the `Transfer-Encoding` header affects message framing, so there is little certainty that received...

# Summary When OLS is acting as a gateway, and receives a request with two `Content-Length` headers, it forwards both, but interprets only the first. Thus, when the origin server...

I reported this privately in 2023, and was told "we do not feel it need to be fixed, as it is valid HTTP request, it is the backend responsibility to...

The following 2 facts allow for request smuggling through LiteSpeed proxies to LiteSpeed[^1], H2O, Libevent, and Mongoose backends. [^1]: This is cool! Typically, request smuggling vulnerabilities affect heterogeneous setups. 1....

# Version ``` deno 1.44.4 (debug, x86_64-unknown-linux-gnu) v8 12.7.224.9 typescript 5.5.2 ``` # Description Deno HTTP/1.1 servers allow chunked message bodies to be terminated by `\r\n\r\n` alone (i.e., not `0\r\n\r\n`)....

bug
upstream
ext/http