290 matches found
CVE-2021-21299
hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...
CVE-2021-21299 Multiple Transfer-Encoding headers misinterprets request payload
hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...
CVE-2021-21299
CVE-2021-21299 affects the Rust HTTP library hyper. The vulnerability resides in hyper’s HTTP server code, which may misinterpret requests with multiple Transfer-Encoding headers, potentially treating the payload as chunked when it should be illegal. Exploitation requires three conditions to be m...
RUSTSEC-2021-0020 Multiple Transfer-Encoding headers misinterprets request payload
hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can...
Multiple Transfer-Encoding headers misinterprets request payload
hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can...
Xiaomi AX1800 Security Vulnerability
The Xiaomi AX1800 is a router from the Chinese company Xiaomi Xiaomi. A security vulnerability exists in the Xiaomi router that stems from an issue where the time is not synchronized after a router reboot, which can bypass login authentication. The following products and versions are affected:...
Important: libuv
Issue Overview: Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on t...
Amazon Linux 2 : libuv (ALAS-2021-1581)
The version of libuv installed on the remote host is prior to 1.39.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory. Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting...
Oracle Linux 8 : nodejs:12 (ELSA-2020-4272)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4272 advisory. nodejs 1:12.18.4-2 - Resolves: RHBZ1883966 - nodejs-devel not installable due to missing brotli - Some spec fixes 12.18.4-1 - Rebase to 12.18.4...
Clickjacking Attack
Node.js is vulnerable to clickjacking. An attacker can perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the...
CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
DEBIAN-CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
ALPINE-CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
Design/Logic Flaw
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
UBUNTU-CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
CVE-2020-8201
CVE-2020-8201 – Node.js HTTP header processing issue : Affects Node.js versions < 12.18.4 and
CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...