```toml
[advisory]
id = "RUSTSEC-2020-0031"
package = "tiny_http"
date = "2020-06-16"
keywords = ["http", "request-smuggling"]
url = "https://github.com/tiny-http/tiny-http/issues/173"

[versions]
patched = []
```

# HTTP Request smuggling through malformed Transfer Encoding headers

HTTP pipelining issues and request smuggling attacks are possible due to incorrect 
Transfer encoding header parsing.

It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers. 

By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information 
from requests other than their own.