Vulnerability Database
296,702
Total vulnerabilities in the database
CVE-2025-4366
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.
Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff
Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.
| Software | From | Fixed in |
|---|---|---|
pingora-core
|
- | 0.5.0 |
| cloudflare / pingora | - | 0.5.0 |
- https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora
- https://github.com/cloudflare/pingora
- https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff
- https://github.com/cloudflare/pingora/security/advisories/GHSA-93c7-7xqw-w357
- https://rustsec.org/advisories/RUSTSEC-2025-0037.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime