It was discovered that the nghttp2 nghttpx proxy incorrectly handled HTTP/1.1 Upgrade requests that included a Content-Length header and body. A remote attacker could possibly use this issue to perform HTTP request and response smuggling attacks against backend services.
Continue reading...
Continue reading...

