Oval Definition:	oval:org.opensuse.security:def:20222880
Revision Date: 2023-06-22 Version: 1 Title: CVE-2022-2880 Description: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2022-2880 SUSE CVE-2022-2880 SUSE-CU-2022:2715-1 SUSE-CU-2022:2716-1 SUSE-SU-2022:3668-1 SUSE-SU-2022:3669-1 SUSE-SU-2023:2312-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP5 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND Package Information go1.19-1.19.9-150000.1.31.1 is installed OR go1.19-doc-1.19.9-150000.1.31.1 is installed OR go1.19-race-1.19.9-150000.1.31.1 is installed
BACK