{"id":"RUSTSEC-2025-0037","summary":"Pingora Request Smuggling and Cache Poisoning","details":"Pingora versions prior to 0.5.0, when using the caching functionality in pingora-proxy, did not properly drain the downstream request body on cache hits.\n\nBecause unread body bytes left on a reused HTTP/1.1 connection can be parsed as the start of the next request, an attacker could craft malicious HTTP/1.1 requests leading to request smuggling or cache poisoning.\n\nThis flaw was corrected in commit fda3317ec822678564d641e7cf1c9b77ee3759ff by ensuring that the downstream request body is always drained before a connection can be reused. Upgrading to 0.5.0 or later picks up the fix.\n\nSee [the blog post](https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/) for more information.","aliases":["CVE-2025-4366","GHSA-93c7-7xqw-w357"],"modified":"2025-10-28T06:02:18Z","published":"2025-05-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/pingora-core"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0037.html"},{"type":"WEB","url":"https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/"}],"affected":[{"package":{"name":"pingora-core","ecosystem":"crates.io","purl":"pkg:cargo/pingora-core"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.5.0"}]}],"ecosystem_specific":{"affects":{"functions":[],"arch":[],"os":[]},"affected_functions":null},"database_specific":{"informational":null,"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0037.json","categories":[]}}],"schema_version":"1.7.3"}