HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). (CVE-2021-22959) HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. (CVE-2021-22960)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchnodejs< 14.18.1-1.1nodejs-14.18.1-1.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	nodejs	< 14.18.1-1.1	nodejs-14.18.1-1.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=29584

lists.fedoraproject.org/archives/list/[email protected]/thread/EUZYFCI7N4TFZSIGA7WGZ4Q7V3EK76GH/

fedora 3

nessus 28

ibm 25

openvas 15

freebsd 1

archlinux 3

nodejsblog 1

altlinux 1

alpinelinux 2

prion 2

redhatcve 2

cvelist 2

hackerone 2

ubuntucve 2

cve 2

veracode 2

osv 7

debiancve 2

debian 1

redhat 5

rocky 3

suse 5

almalinux 2

oraclelinux 2

gentoo 1

oracle 1

fedora

[SECURITY] Fedora 35 Update: nodejs-16.11.1-1.fc35

2021-10-29 23:27:03

[SECURITY] Fedora 33 Update: nodejs-14.18.1-1.fc33

2021-10-23 03:25:54

[SECURITY] Fedora 34 Update: nodejs-14.18.1-1.fc34

2021-10-23 03:22:47

nessus

Node.js Multiple Vulnerabilities (October 12th 2021 Security Releases)

2021-10-19 00:00:00

FreeBSD : Node.js -- October 2021 Security Releases (a9c5e89d-2d15-11ec-8363-0022489ad614)

2021-10-18 00:00:00

Debian DSA-5170-1 : nodejs - security update

2022-06-28 00:00:00

ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

2021-12-17 04:21:37

Security Bulletin: Vulnerabilities in Node.js affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-22960, CVE-2021-22959

2022-01-26 08:18:02

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2021-22959 and CVE-2021-22960)

2022-01-13 15:45:49

openvas

Fedora: Security Advisory for nodejs (FEDORA-2021-9818cabe0d)

2021-10-30 00:00:00

Mageia: Security Advisory (MGASA-2021-0592)

2022-01-28 00:00:00

Fedora: Security Advisory for nodejs (FEDORA-2021-9807b754d9)

2021-10-24 00:00:00

freebsd

Node.js -- October 2021 Security Releases

2021-10-12 00:00:00

archlinux

[ASA-202110-4] nodejs: url request injection

2021-10-21 00:00:00

[ASA-202110-6] nodejs-lts-erbium: multiple issues

2021-10-21 00:00:00

[ASA-202110-5] nodejs-lts-fermium: multiple issues

2021-10-21 00:00:00

nodejsblog

October 12th 2021 Security Releases

2021-10-12 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 14.18.2-alt1

2021-12-23 00:00:00

alpinelinux

CVE-2021-22960

2021-11-03 20:15:00

CVE-2021-22959

2021-11-15 15:15:00

prion

Design/Logic Flaw

2021-11-15 15:15:00

Design/Logic Flaw

2021-11-03 20:15:00

redhatcve

CVE-2021-22959

2021-10-14 12:15:38

CVE-2021-22960

2021-10-14 12:15:38

cvelist

CVE-2021-22959

2021-11-15 14:45:16

CVE-2021-22960

2021-11-03 19:22:42

hackerone

Node.js: HTTP Request Smuggling due to accepting space before colon

2021-06-20 11:10:00

Node.js: HTTP Request Smuggling due to ignoring chunk extensions

2021-06-19 08:43:05

ubuntucve

CVE-2021-22959

2021-11-15 00:00:00

CVE-2021-22960

2021-11-03 00:00:00

cve

CVE-2021-22959

2021-11-15 15:15:00

CVE-2021-22960

2021-11-03 20:15:00

veracode

HTTP Request Smuggling (HRS)

2021-10-13 17:26:57

HTTP Request Smuggling

2021-10-13 17:27:33

osv

CVE-2021-22960

2021-11-03 20:15:08

CVE-2021-22959

2021-11-15 15:15:06

nodejs - security update

2022-06-27 00:00:00

debiancve

CVE-2021-22959

2021-11-15 15:15:00

CVE-2021-22960

2021-11-03 20:15:00

debian

[SECURITY] [DSA 5170-1] nodejs security update

2022-06-27 18:43:26

redhat

(RHSA-2022:0041) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

2022-01-06 18:27:51

(RHSA-2021:5171) Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

(RHSA-2022:0350) Moderate: nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

rocky

nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

12 bug fix and enhancement update

2022-06-21 11:47:44

suse

Security update for nodejs12 (important)

2021-12-12 00:00:00

Security update for nodejs14 (important)

2021-12-07 00:00:00

Security update for nodejs12 (important)

2021-12-06 00:00:00

almalinux

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

Moderate: nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

oraclelinux

nodejs:16 security, bug fix, and enhancement update

2021-12-16 00:00:00

nodejs:14 security, bug fix, and enhancement update

2022-02-02 00:00:00

gentoo

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for MGASA-2021-0592