CVE-2020-7764: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

November 8, 2020 (updated November 16, 2020)

This affects the package find-my-way, from It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

References

nvd.nist.gov/vuln/detail/CVE-2020-7764

Code Behaviors & Features

Detect and mitigate CVE-2020-7764 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →