Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section
http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to: Bypass front-end servers security controls Launch targeted attacks against active users Poison web caches Pre-requisites for the exploitation: the web appication has to be deployed behind a reverse-proxy that forwards trailer headers.