Researchers at DevOps platform JFrog demonstrated how an integer overflow flaw (CVE-2021-40346) can be abused to perform HTTP request smuggling attacks that bypass any access control lists (ACLs) defined in HAProxy.
Contingent on front- and back-end server configurations, attacks could also potentially see adversaries hijack user sessions, access or modify sensitive data, or exploit reflected XSS (cross-site scripting) vulnerabilities without user interaction, according to JFrog.
Source: The Daily Swig