Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2020/11/04 12:35 p.m.4 views

nodejs: HTTP request smuggling due to CR-to-Hyphen conversion

A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...

7.4CVSS7.2AI score0.05093EPSS
Exploits0References4
ALT Linux
ALT Linux
added 2020/09/16 12:0 a.m.45 views

Security fix for the ALT Linux 9 package node version 14.11.0-alt1

Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1 - new version 14.11.0 with rpmrb script - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests Critical - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion High...

5.8CVSS7.7AI score0.08794EPSS
Exploits0
ALT Linux
ALT Linux
added 2020/09/16 12:0 a.m.52 views

Security fix for the ALT Linux 10 package node version 14.11.0-alt1

Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1 - new version 14.11.0 with rpmrb script - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests Critical - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion High...

5.8CVSS7.7AI score0.08794EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/09/08 12:0 a.m.52 views

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8CVSS1.5AI score0.08794EPSS
Exploits0References1
Rows per page
Query Builder