Is InfluxDB vulnerable to HTTP Desync attacks?

I’m being asked if InfluxDB 1.7 is vulnerable to HTTP Desync attacks:

I can’t find any info either way.

Good question. I’ll run this by our team and see if we have info.

Our security team is reviewing the Go versions built within the various components of the TICK stack for 1.x and InfluxDB 2.0. Once we’ve completed the review, we will provide information to our customers and community members.

I’d also refer the community to:
https://www.influxdata.com/how-to-report-security-vulnerabilities/

We are in the process of rolling out maintenance releases of all versions which leverage Go 1.12.10. This will eliminate the potential for desync attacks.

Initial releases where this is resolved:
InfluxDB 1.7.9
Telegraf 1.12.3.