4 matches found
nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...
Security fix for the ALT Linux 9 package node version 14.11.0-alt1
Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1 - new version 14.11.0 with rpmrb script - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests Critical - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion High...
Security fix for the ALT Linux 10 package node version 14.11.0-alt1
Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1 - new version 14.11.0 with rpmrb script - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests Critical - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion High...
Node.js -- September 2020 Security Releases
Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...