CVE-2020-8287
6.5 MEDIUM
Published: 1/6/2021
Updated: 11/21/2024
Description
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
Affected products
- nodejs: node.js
- nodejs: node.js
- nodejs: node.js
- nodejs: node.js
- debian: debian_linux 10.0
- fedoraproject: fedora 32
- fedoraproject: fedora 33
- oracle: graalvm 19.3.4
- oracle: graalvm 20.3.0
- siemens: sinec_infrastructure_network_services
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (Patch, Third Party Advisory)
- https://hackerone.com/reports/1002188 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/12/msg00009.html (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ (Patch, Vendor Advisory)
- https://security.gentoo.org/glsa/202101-07 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210212-0003/ (Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4826 (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2021.html (Third Party Advisory)