In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.ktor:ktor-client-cio(Maven) | 0 | 1.3.0 | N/A |
| io.ktor:ktor-server-cio(Maven) | 0 | 1.3.0 | N/A |
CVSS Metrics
