CVE-2023-52354: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

January 22, 2024 (updated January 29, 2024)

chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.

References

blitiri.com.ar/p/chasquid/relnotes/
github.com/advisories/GHSA-g4x3-mfpj-f335
github.com/albertito/chasquid/commit/a996106eeebe81a292ecba838c7503cac7493e74
github.com/albertito/chasquid/issues/47
nvd.nist.gov/vuln/detail/CVE-2023-52354

Code Behaviors & Features

Detect and mitigate CVE-2023-52354 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →