HTTP Request Smuggling occurs when an attacker exploits discrepancies in the interpretation of HTTP requests between two devices, such as a proxy and a server. This can result in various malicious outcomes, including bypassing security controls, unauthorized access, session hijacking, data leakage, and arbitrary code execution. The vulnerability in version 1.4.1 of the software allows attackers to craft specific HTTP requests that are interpreted differently by the server and intermediary proxies, leading to these potential threats.

An attacker sends a specially crafted HTTP request to the server. The server and any intermediary proxies interpret the request differently, allowing the attacker to smuggle a second request through. This can bypass security controls, such as authentication mechanisms and web application firewalls, leading to unauthorized access to sensitive data and administrative functions.

Users and administrators of the software version 1.4.1 are affected by this vulnerability. This includes any systems that rely on intermediary proxies to handle HTTP requests.