4 matches found
RUSTSEC-2025-0037 Pingora Request Smuggling and Cache Poisoning
Pingora versions prior to 0.5.0 which used the caching functionality in pingora-proxy did not properly drain the downstream request body on cache hits. This allows an attacker to craft malicious HTTP/1.1 requests which could lead to request smuggling or cache poisoning. This flaw was corrected in...
Security fix for the ALT Linux 10 package node version 14.11.0-alt1
Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1 - new version 14.11.0 with rpmrb script - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests Critical - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion High...
Node.js -- September 2020 Security Releases
Node.js reports: Updates are now available for v10.x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...
Node.js: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
Summary: Node.js is vulnerable to HTTP denial of service (DoS) attacks based on delayed request submission, which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...