TencentOS Server 3: nodejs:20 (TSSA-2025:0462)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0462 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EUVD-2025-27706

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-23167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables...

BIT-NODE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

AZL-61914 CVE-2025-23167 affecting package nodejs 20.14.0-13

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

DEBIAN-CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

AZL-65063 CVE-2025-23167 affecting package nodejs18 18.20.3-11

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVE-2025-23167

This CVE affects Node.js 20.x where the HTTP parser may terminate headers incorrectly (\r\n\rX instead of \r\n\r\n), enabling request smuggling and bypassing proxy-based access controls. Root cause: improper header termination in llhttp prior to version 9. The issue is resolved by upgrading llhtt...

SUSE CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

Node.js: Improper HTTP header block termination in llhttp

The vulnerability in Node.js 20's HTTP parser allowed improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enabled request smuggling. The issue was resolved by upgrading llhttp to version 9, which enforces correct header termination...