reports/GO-2021-0157.yaml - vulndb - Git at Google

 packages:
   - module: std
     package: net/textproto
     symbols:
       - CanonicalMIMEHeaderKey
       - canonicalMIMEHeaderKey
     versions:
       - fixed: 1.4.3
 description: |
     The MIME header parser treated spaces and hyphens
     as equivalent, which can permit HTTP request smuggling.
 published: 2022-01-05T20:00:00Z
 cves:
   - CVE-2015-5739
 credit: Régis Leroy
 links:
     pr: https://go.dev/cl/11772
     commit: https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
     context:
       - https://go.dev/issue/53035
       - https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ
	packages:
	- module: std
	package: net/textproto
	symbols:
	- CanonicalMIMEHeaderKey
	- canonicalMIMEHeaderKey
	versions:
	- fixed: 1.4.3
	description: \|
	The MIME header parser treated spaces and hyphens
	as equivalent, which can permit HTTP request smuggling.
	published: 2022-01-05T20:00:00Z
	cves:
	- CVE-2015-5739
	credit: Régis Leroy
	links:
	pr: https://go.dev/cl/11772
	commit: https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
	context:
	- https://go.dev/issue/53035
	- https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ