Cloudflare Pingora Request Smuggling Vulnerability in Caching Proxy

Vulnerability

A request smuggling vulnerability has been identified in Cloudflare Pingora's proxying framework, specifically in the 'pingora-proxy' component. It allows malicious HTTP requests to be injected by manipulating request bodies on cache hits. Exploitation could lead to unauthorized execution of requests and potential cache poisoning. The issue arises when 'pingora-proxy' is used for caching, where it lets attackers manipulate the headers and URLs of subsequent requests sent over the same HTTP/1.1 connection.

Impact

Exploitation of this vulnerability could result in request smuggling, allowing for the unauthorized execution of requests and manipulation of cached content.

Remediation

The vulnerability has been fixed in Pingora version 0.5.0. Users can upgrade to this version to address the issue.
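
To confirm whether a build still pins an affected release, the following added example (not code from Cloudflare or the Pingora project) scans the text of a Cargo.lock for 'pingora-proxy' entries older than the fixed version. It assumes the crate version in Cargo.lock corresponds to the Pingora version named above; the sample lockfile and the function names are constructed for illustration.

```rust
// Added example: report pingora-proxy versions in a Cargo.lock below the fixed release.
const FIXED: (u64, u64, u64) = (0, 5, 0); // fixed version stated in the advisory

// Constructed sample lockfile contents (not taken from a real project).
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "pingora-proxy"
version = "0.4.0"

[[package]]
name = "serde"
version = "1.0.200"
"#;

// Return the unquoted value of a `key = "value"` line, if the line has that key.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

// True when `v` sorts before the fixed release; pre-releases of it count as older.
fn is_below_fixed(v: &str) -> bool {
    let no_build = v.split('+').next().unwrap_or(v); // drop build metadata
    let (core, pre) = no_build.split_once('-').map_or((no_build, false), |(c, _)| (c, true));
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    match (it.next().flatten(), it.next().flatten(), it.next().flatten()) {
        (Some(a), Some(b), Some(c)) => (a, b, c) < FIXED || ((a, b, c) == FIXED && pre),
        _ => true, // unparseable version: report it for manual review
    }
}

// Collect every pingora-proxy version in the lockfile text that needs upgrading.
fn vulnerable_pingora_proxy(lock: &str) -> Vec<String> {
    let (mut hits, mut name) = (Vec::new(), None);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" { name = None; }
        else if let Some(v) = field(line, "name") { name = Some(v); }
        else if let Some(v) = field(line, "version") {
            if name == Some("pingora-proxy") && is_below_fixed(v) { hits.push(v.to_string()); }
        }
    }
    hits
}

fn main() {
    for v in vulnerable_pingora_proxy(SAMPLE_LOCK) { println!("pingora-proxy {v} is below 0.5.0"); }
}
```

An empty result means no 'pingora-proxy' entry below 0.5.0 was found in the lockfile text passed in.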

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.