Bug 6306 - [Anolis OS 8] Bugfix for CVE-2022-25881
Summary: [Anolis OS 8] Bugfix for CVE-2022-25881
Status: NEW
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 8.6
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: Jacob
QA Contact: shuming
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-08-31 16:26 UTC by 小龙
Modified: 2023-08-31 16:26 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2023-08-31 16:26:58 UTC
Description:
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Broken commit info:

Bugfix commit info: