CVE-2020-8287
6.5MEDIUMNode.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the
Publicado: 1/6/2021Actualizado: 11/21/2024
Descripción
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
Análisis IAImpulsado por IA
Productos Afectados
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
debiandebian_linux
10.0
fedoraprojectfedora
32
fedoraprojectfedora
33
oraclegraalvm
19.3.4
oraclegraalvm
20.3.0
siemenssinec_infrastructure_network_services
Referencias
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
- https://hackerone.com/reports/1002188ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00009.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/PatchVendor Advisory
- https://security.gentoo.org/glsa/202101-07Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210212-0003/Third Party Advisory
- https://www.debian.org/security/2021/dsa-4826Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
- https://hackerone.com/reports/1002188ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00009.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/PatchVendor Advisory
- https://security.gentoo.org/glsa/202101-07Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210212-0003/Third Party Advisory
- https://www.debian.org/security/2021/dsa-4826Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory