Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-8287HistoryJan 06, 2021 - 9:15 p.m.
CVE-2020-8287
2021-01-0621:15:00
Debian Security Bug Tracker
security-tracker.debian.org
13
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.008 Low
EPSS
Percentile
81.5%
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | http-parser | < 2.9.4-5 | http-parser_2.9.4-5_all.deb |
| Debian | 11 | all | http-parser | < 2.9.4-4+deb11u1 | http-parser_2.9.4-4+deb11u1_all.deb |
| Debian | 10 | all | http-parser | < 2.8.1-1+deb10u3 | http-parser_2.8.1-1+deb10u3_all.deb |
| Debian | 999 | all | http-parser | < 2.9.4-5 | http-parser_2.9.4-5_all.deb |
| Debian | 13 | all | http-parser | < 2.9.4-5 | http-parser_2.9.4-5_all.deb |
| Debian | 12 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
| Debian | 11 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
| Debian | 10 | all | nodejs | < 10.23.1~dfsg-1~deb10u1 | nodejs_10.23.1~dfsg-1~deb10u1_all.deb |
| Debian | 999 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
| Debian | 13 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
Related
prion
prion
Design/Logic Flaw
2021-01-06 21:15:00
nessus
nessus
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:0121-1)
2021-01-15 00:00:00
Ubuntu 18.04 LTS : http-parser vulnerability (USN-5563-1)
2022-08-10 00:00:00
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:0224-1)
2021-01-27 00:00:00
cve
cve
CVE-2020-8287
2021-01-06 21:15:00
osv
osv
BIT-node-2020-8287
2024-03-06 11:07:21
http-parser - security update
2022-12-05 00:00:00
CVE-2020-8287
2021-01-06 21:15:14
debian
debian
[SECURITY] [DLA 3224-1] http-parser security update
2022-12-05 13:03:06
[SECURITY] [DSA 4826-1] nodejs security update
2021-01-06 22:02:35
redhatcve
redhatcve
CVE-2020-8287
2021-01-05 14:33:28
alpinelinux
alpinelinux
CVE-2020-8287
2021-01-06 21:15:00
suse
suse
Security update for nodejs8 (moderate)
2021-01-30 00:00:00
Security update for nodejs14 (moderate)
2021-01-15 00:00:00
Security update for nodejs10 (moderate)
2021-01-15 00:00:00
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Nodejs Node.Js
2021-01-05 02:09:23
hackerone
hackerone
Node.js: Potential HTTP Request Smuggling in nodejs
2020-10-08 05:24:20
ibm
ibm
Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8287)
2021-05-05 12:02:04
Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway
2021-08-16 15:05:23
Security Bulletin: Potential vulnerability with Node.js
2021-07-30 21:10:21
veracode
veracode
HTTP Request Smuggling
2021-01-06 04:57:20
ubuntu
ubuntu
http-parser vulnerability
2022-08-10 00:00:00
Node.js vulnerabilities
2023-09-19 00:00:00
mageia
mageia
Updated http-parser packages fix security vulnerability
2022-10-28 09:54:08
Updated nodejs packages fix security vulnerabilities
2021-02-05 14:54:53
ubuntucve
ubuntucve
CVE-2020-8287
2021-01-06 00:00:00
archlinux
archlinux
[ASA-202101-13] nodejs-lts-dubnium: multiple issues
2021-01-12 00:00:00
[ASA-202101-16] nodejs: multiple issues
2021-01-12 00:00:00
[ASA-202101-14] nodejs-lts-erbium: multiple issues
2021-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33
2021-01-10 01:28:45
[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32
2021-01-16 01:23:44
nodejsblog
nodejsblog
January 2021 Security Releases
2021-01-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package node version 14.15.4-alt1
2021-02-05 00:00:00
Security fix for the ALT Linux 10 package node version 14.15.4-alt1
2021-02-05 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0373
2021-03-22 00:00:00
Important Photon OS Security Update - PHSA-2021-0213
2021-03-31 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0213
2021-03-31 00:00:00
freebsd
freebsd
Node.js -- January 2021 Security Releases
2021-01-04 00:00:00
oraclelinux
oraclelinux
nodejs:12 security update
2021-02-20 00:00:00
nodejs:14 security and bug fix update
2021-02-20 00:00:00
nodejs:10 security update
2021-02-20 00:00:00
almalinux
almalinux
Moderate: nodejs:12 security update
2021-02-16 07:34:29
Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
Moderate: nodejs:10 security update
2021-02-16 07:34:15
ics
ics
Hitachi Energy Gateway Station (GWS) Product
2022-08-30 12:00:00
Hitachi Energy FACTS Control Platform (FCP) Product
2022-08-30 12:00:00
Hitachi Energy MicroSCADA Pro/X SYS600
2022-04-21 12:00:00
rocky
rocky
nodejs:14 security and bug fix update
2021-02-16 07:34:42
nodejs:12 security update
2021-02-16 07:34:29
nodejs:10 security update
2021-02-16 07:34:15
redhat
redhat
(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update
2021-02-11 13:08:55
(RHSA-2021:0549) Moderate: nodejs:12 security update
2021-02-16 07:34:29
(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
gentoo
gentoo
NodeJS: Multiple vulnerabilities
2021-01-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.008 Low
EPSS
Percentile
81.5%
Related for DEBIANCVE:CVE-2020-8287