DEBIAN-CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVE-2025-23167

This CVE affects Node.js 20.x where the HTTP parser may terminate headers incorrectly (\r\n\rX instead of \r\n\r\n), enabling request smuggling and bypassing proxy-based access controls. Root cause: improper header termination in llhttp prior to version 9. The issue is resolved by upgrading llhtt...

Node.js 20.x < 20.19.2 / 22.x < 22.15.1 / 22.x < 22.15.1 / 23.x < 23.11.1 / 24.x < 24.0.2 Multiple Vulnerabilities (Wednesday, May 14, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 20.19.2, 22.15.1, 22.15.1, 23.11.1, 24.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, May 14, 2025 Security Releases advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory...

Alibaba Cloud Linux 3 : 0055: http-parser (ALINUX3-SA-2022:0055)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0055 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-15605: HTTP request smuggling in Node.js 1...

OESA-2025-1346 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSION...

Denial Of Service (DoS)

Passenger is vulnerable to Denial Of Service DoS. The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...

BIT-PASSENGER-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

BIT-PASSENGER-NGINX-MODULE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

BIT-PASSENGER-APACHE-MODULE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

[SECURITY] [DLA 4041-1] python-aiohttp security update

Debian LTS Advisory DLA-4041-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof February 03, 2025 https://wiki.debian.org/LTS Package : python-aiohttp Version : 3.7.4-1+deb11u1 CVE ID : CVE-2023-47627 CVE-2023-47641 CVE-2023-49081 CVE-2023-49082 CVE-2024-23334...

Debian dla-4041 : python-aiohttp-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4041 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4041-1 [email protected]...

PT-2025-21254 · Node.Js +5 · Llhttp +6

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the llhttp v9 upgrade node-undici in Debian Linux affected versions not specified Description: A flaw in the HTTP parser of Node.js allows improper termination of HTTP/1 headers using r rX instead of the required r r...

RHSA-2019:2258 Red Hat Security Advisory: http-parser security update

Bulletin has no description...

RHSA-2019:3497 Red Hat Security Advisory: http-parser security and bug fix update

Bulletin has no description...

RHSA-2020:1510 Red Hat Security Advisory: http-parser security update

Bulletin has no description...

RHSA-2020:0707 Red Hat Security Advisory: http-parser security update

Bulletin has no description...

RHSA-2020:0708 Red Hat Security Advisory: http-parser security update

Bulletin has no description...