x/vulndb: potential Go vuln in github.com/kubernetes/ingress-nginx: CVE-2019-20372 #2252
Labels
excluded: LEGACY_FALSE_POSITIVE
(DO NOT USE) Vulnerability marked as false positive before we introduced the triage process
CVE-2019-20372 references github.com/kubernetes/ingress-nginx, which may be a Go module.
Description:
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
References:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: