Parsing obscure HTTP features and building untrusted containers remains a reliable way to get your infrastructure owned.
Netty Chunk Smuggling
Nobody actually uses HTTP/1.1 chunk extensions in the real world, but your edge proxies still have to parse them. Java/Netty botches quoted strings inside these extensions, causing line-terminator confusion between front-end proxies and backends. The result? Trivial HTTP request smuggling. Attackers can slip malformed chunks past WAFs to desync connections, poison caches, and bypass auth on ingress controllers. If your API gateway runs on Netty, patch it now.
n8n Post-Auth SQLi
Letting users build workflows is a fundamental risk to your orchestration backend. Case in point: n8n just patched a severe post-auth SQLi in their Data Table Node because they pass unsanitized user expressions directly into Postgres `ORDER BY` clauses. Anyone with workflow edit rights can drop raw SQL into `orderByColumn` to read or modify the entire database. Check the n8n advisory and update, or disable the node entirely. Never trust your internal users.
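The `ORDER BY` pattern described above, next to a hardened form, as an added example that is not n8n's code. Sort columns are identifiers and cannot be bound as query parameters, so the hardened builder checks them against an allowlist; the table name, column names, and function names here are constructed for illustration.

```javascript
// Added example: table and column names are assumptions, not n8n's schema.
const ALLOWED_COLUMNS = new Set(["id", "name", "created_at"]);
const ALLOWED_DIRECTIONS = new Set(["ASC", "DESC"]);

// Unsafe pattern: user-controlled text is concatenated into ORDER BY,
// so whatever the caller supplies becomes part of the SQL statement.
function buildQueryUnsafe(orderByColumn, direction) {
  return `SELECT id, name FROM data_table ORDER BY ${orderByColumn} ${direction}`;
}

// Quote a Postgres identifier: wrap in double quotes, double any embedded quote.
function quoteIdent(name) {
  return '"' + name.replace(/"/g, '""') + '"';
}

// Hardened pattern: the column must be a known column and the direction
// must be ASC or DESC; anything else is rejected before SQL is built.
function buildQuerySafe(orderByColumn, direction = "ASC") {
  if (typeof orderByColumn !== "string" || !ALLOWED_COLUMNS.has(orderByColumn)) {
    throw new Error("orderByColumn is not a known column");
  }
  const dir = String(direction).toUpperCase();
  if (!ALLOWED_DIRECTIONS.has(dir)) {
    throw new Error("invalid sort direction");
  }
  return `SELECT id, name FROM data_table ORDER BY ${quoteIdent(orderByColumn)} ${dir}`;
}

// Constructed input: a sort value that carries extra SQL text.
const constructedInput = "id; SELECT 1";

// Returns true when the hardened builder refuses the value.
function isRejected(column, direction) {
  try {
    buildQuerySafe(column, direction);
    return false;
  } catch (err) {
    return true;
  }
}

console.log(buildQueryUnsafe(constructedInput, "ASC")); // statement structure changed
console.log(isRejected(constructedInput, "ASC"));       // hardened builder refuses it
console.log(buildQuerySafe("created_at", "desc"));      // normal use still works
```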
BuildKit Host Escape
Automatically building untrusted PRs is an excellent way to hand over your CI runners. A frontend escape in BuildKit allows a malicious `#syntax` directive in a Dockerfile to break entirely out of the state directory. One weaponized container is all it takes to escape the storage root, write arbitrary files to the host filesystem, and achieve code execution on the underlying agent. Read the BuildKit advisory and upgrade to v0.28.1 before random commits own your build hosts.