MiracleLinux 7 : http-parser-2.7.1-8.el7 (AXSA:2019-4071:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4071:01 advisory. nodejs: Denial of Service with large HTTP headers CVE-2018-12121 nodejs: HTTP parser allowed for spaces inside Content-Length header values...

Security Bulletin: IBM Documentation Offline is vulnerable to `Node.js ReadFileUtf8 and HTTP Parser flaws` due to Node.js (CVE-2025-23165, CVE-2025-23167)

Summary IBM Documentation Offline utilizes Node.js as a third-party component, which contains two vulnerabilities that could potentially affect your product's stability and security. CVE-2025-23165 CVSS: 3.7 is a Denial of Service DoS vulnerability in the ReadFileUtf8 internal binding. Repeated u...

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

Node.js 20.x < 20.19.2 / 22.x < 22.15.1 / 22.x < 22.15.1 / 23.x < 23.11.1 / 24.x < 24.0.2 Multiple Vulnerabilities (Wednesday, May 14, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 20.19.2, 22.15.1, 22.15.1, 23.11.1, 24.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, May 14, 2025 Security Releases advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory...

Denial Of Service (DoS)

Passenger is vulnerable to Denial Of Service DoS. The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...