Lucene search
F5F5:K000139615HistoryMay 15, 2024 - 12:00 a.m.
K000139615: Node.js vulnerability CVE-2024-27982
2024-05-1500:00:00
my.f5.com
10
node.js
http server
vulnerability
http request smuggling
malformed headers
Security Advisory Description
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. (CVE-2024-27982)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
fedora
fedora
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-3.fc39
2024-04-20 01:03:43
[SECURITY] Fedora 40 Update: llhttp-9.2.1-1.fc40
2024-04-19 21:44:30
[SECURITY] Fedora 39 Update: uxplay-1.68.2-3.fc39
2024-04-20 01:03:43
cve
cve
CVE-2024-27982
2024-05-07 17:15:07
cbl_mariner
cbl_mariner
CVE-2024-27982 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-29 03:07:37
nessus
nessus
Fedora 39 : llhttp / python-aiohttp / uxplay (2024-f83b123d63)
2024-04-20 00:00:00
Fedora 40 : llhttp / python-aiohttp (2024-2f15e6e876)
2024-04-29 00:00:00
Fedora 38 : llhttp / python-aiohttp / uxplay (2024-5dc487ee89)
2024-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2024-27982
2024-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2024-27982
2024-05-07 17:15:07
cvelist
cvelist
CVE-2024-27982
2024-05-07 16:40:02
debiancve
debiancve
CVE-2024-27982
2024-05-07 17:15:07
redhatcve
redhatcve
CVE-2024-27982
2024-04-17 13:04:25
hackerone
hackerone
Node.js: HTTP Request Smuggling via Content Length Obfuscation
2023-11-02 16:41:53
osv
osv
CVE-2024-27982
2024-05-07 17:15:07
Important: nodejs security update
2024-05-20 00:00:00
Important: nodejs:18 security update
2024-05-09 18:50:42
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1306-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:1306-1)
2024-04-17 00:00:00
Mageia: Security Advisory (MGASA-2024-0110)
2024-04-09 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js(CVE-2024-27983 & CVE-2024-27982)
2024-05-16 10:02:29
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2024-04-05 21:24:25
rocky
rocky
nodejs:18 security update
2024-05-09 18:51:51
nodejs:18 security update
2024-05-09 18:50:42
nodejs:20 security update
2024-05-09 18:50:42
redhat
redhat
(RHSA-2024:2853) Important: nodejs:20 security update
2024-05-15 10:54:45
(RHSA-2024:2778) Important: nodejs:20 security update
2024-05-09 05:32:10
(RHSA-2024:2910) Important: nodejs security update
2024-05-20 01:02:30
oraclelinux
oraclelinux
nodejs:18 security update
2024-05-14 00:00:00
nodejs:20 security update
2024-05-09 00:00:00
nodejs security update
2024-05-22 00:00:00
almalinux
almalinux
Important: nodejs:18 security update
2024-05-09 00:00:00
Important: nodejs:20 security update
2024-05-15 00:00:00
Important: nodejs security update
2024-05-20 00:00:00