Headline
CVE-2019-20372: Use a named location for authSignURL by aledbf · Pull Request #4859 · kubernetes/ingress-nginx
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use a named location for authSignURL #4859
Conversation 5 Commits 2 Checks 0 Files changed
Conversation
What this PR does / why we need it:
Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #
Special notes for your reviewer:
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: aledbf
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
- OWNERS [aledbf]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
Copy link
Member Author
1 similar comment
Copy link
Member Author
aledbf added a commit to aledbf/ingress-nginx that referenced this issue
Dec 25, 2019
Mar 14, 2020
towolf added a commit to towolf/ingress-nginx that referenced this issue
Jun 16, 2020
Projects
No open projects