CNNVD-202511-898 Information
Nov 10, 2025
cve
CNNVD ID
CNNVD-202511-898
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
oauth2-proxy是OAuth2 Proxy开源的一个反向代理软件。 OAuth2-Proxy 7.13.0之前版本存在安全漏洞,该漏洞源于HTTP标头处理不当,可能导致权限提升。
Description (English)
Oauth2-proxy is a reverse agent for OAuth2 Proxy open source. There is a security loophole in the pre-OAuth2-Proxy 7.1.03.0 version, which stems from the improper handling of HTTP markers, which may lead to increased access.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
OAuth2 Proxy
Published
2025-11-10
Last Modified
2026-02-24
References
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2 https://datatracker.ietf.org/doc/html/rfc822#section-3.2 https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-vjrc-mh2v-45x6 https://github.security.telekom.com/2020/05/smuggling- https://www.uptimia.com/questions/why-are-
Patch
https://oauth2-proxy.github.io/oauth2-proxy/
Share on: