7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-52354

CVE-2023-52354: chasquid HTTP Request/Response Smuggling vulnerability

chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-52354

CVE-2023-52354:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/albertito/chasquid	go	< 1.13	1.13

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper CRLF enforcement in SMTP DATA handling. The key evidence includes:

The patch replaces Go's textproto.DotReader with a custom CRLF-strict implementation
Commit message explicitly states the standard library didn't enforce CRLF
Added tests validate CRLF enforcement
CWE-444 mapping confirms this is an interpretation inconsistency issue
The original code path in conn.go's DATA handler used vulnerable textproto methods
A custom readUntilDot implementation was removed and replaced with stricter logic

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-52354: chasquid HTTP Request/Response Smuggling vulnerability

CVE-2023-52354:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-52354: chasquid HTTP Request/Response Smuggling vulnerability

Basic Information

Basic Information

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI