{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T06:53:13.151","vulnerabilities":[{"cve":{"id":"CVE-2020-7671","sourceIdentifier":"report@snyk.io","published":"2020-06-10T16:15:10.587","lastModified":"2024-11-21T05:37:34.917","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."},{"lang":"es","value":"goliath versiones hasta 1.0.6, permite ataques de tráfico no autorizado de peticiones en los que goliath se utiliza como backend y un proxy frontend también es vulnerable. Es posible llevar a cabo ataques de tráfico no autorizado de peticiones HTTP mediante el envío del encabezado Content-Length dos veces. Adicionalmente, se encontró que los encabezados de Transfer Encoding no válidos se analizaron como válidos, lo que podría ser aprovechado para los ataques de tráfico no autorizado de TE:CL"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:goliath_project:goliath:*:*:*:*:*:ruby:*:*","versionEndIncluding":"1.0.6","matchCriteriaId":"079332CF-A488-425D-A4C7-3804B6EBE665"}]}]}],"references":[{"url":"https://github.com/postrank-labs/goliath/issues/351%2C","source":"report@snyk.io"},{"url":"https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136","source":"report@snyk.io","tags":["Third Party Advisory"]},{"url":"https://github.com/postrank-labs/goliath/issues/351%2C","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}