{"id":"GSD-2022-1002524","summary":"input validation (CWE-20) in Elastic Load Balancer (ELB) version ELB prior to 2022-01-29 when \"Legacy cache settings\" is enabled","details":"In Amazon Elastic Load Balancer (ELB) prior to 2022-01-29 when \"Legacy cache settings\" is enabled an input validation (CWE-20) vulnerability exists in the HTTP Header processing that can be attacked via the network (using a trailing space in the requests) resulting in HTTP Header Smuggling.","modified":"2023-03-14T07:01:09.292516Z","published":"2022-05-30T16:26:29.213070Z","withdrawn":"2023-03-14T07:01:09.292516Z","references":[{"type":"WEB","url":"https://twitter.com/nJoyneer/status/1526593840928411650"},{"type":"WEB","url":"https://www.reddit.com/r/netsec/comments/uyz6zw/aws_universal_ratelimiter_bypass/"},{"type":"WEB","url":"https://github.com/SummitRoute/csp_security_mistakes/issues/48"}],"schema_version":"1.7.3"}