Related Vulnerabilities: CVE-2024-27982  


Severity: Medium (upstream Node.js rating; the Arch package groups listed below are rated High)

Remote: Yes

Type: Insufficient validation

Description

The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a Content-Length header, it is not interpreted correctly, enabling attackers to smuggle a second request within the body of the first. As with any request smuggling issue, the bug is exploitable when Node sits behind a front-end component (a reverse proxy or load balancer) that frames the request differently: the two parsers disagree on where the first request ends, so bytes the front end forwarded as a body are parsed by Node as the start of a new request on the same connection.

Impacts: This vulnerability affects all users in all active release lines: 18.x, 20.x and 21.x.
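As an added illustration, not code from the Node.js project or from the Arch tracker, the script below models the framing disagreement behind Content-Length obfuscation. The page does not state precisely which malformed variant Node's parser accepted, so the "Content-Length :" form (whitespace between the field name and the colon, which RFC 9112 forbids), the three parser policies, the sample traffic and every name in the code are assumptions chosen to illustrate the class of bug described.

```javascript
"use strict";

const CRLF = "\r\n";

// Policy for a header line whose field name ends in whitespace, e.g.
// "Content-Length : 39". RFC 9112 section 5.1 forbids whitespace between the
// field name and the colon, but parsers have historically differed on it:
//   "trim"   - normalise the name and honour the header (lenient)
//   "ignore" - keep the raw name, so it never matches "content-length"
//   "reject" - fail the request, which is what a hardened parser should do
// (assumed policies for illustration, not Node's actual options)
function parseHeaders(lines, policy) {
  const headers = new Map();
  for (const line of lines) {
    const colon = line.indexOf(":");
    if (colon < 0) throw new Error("malformed header line: " + JSON.stringify(line));
    let name = line.slice(0, colon);
    const value = line.slice(colon + 1).trim();
    if (/\s$/.test(name)) {
      if (policy === "reject") {
        throw new Error("whitespace before colon in header name: " + JSON.stringify(line));
      }
      if (policy === "trim") name = name.trimEnd();
    }
    headers.set(name.toLowerCase(), value);
  }
  return headers;
}

// Split one connection's byte stream into HTTP/1.1 requests, framing each
// body by Content-Length (0 when absent). Transfer-Encoding is out of scope.
function splitRequests(raw, policy) {
  const requests = [];
  let pos = 0;
  while (pos < raw.length) {
    const headEnd = raw.indexOf(CRLF + CRLF, pos);
    if (headEnd < 0) throw new Error("incomplete request head");
    const [requestLine, ...headerLines] = raw.slice(pos, headEnd).split(CRLF);
    const [method, target] = requestLine.split(" ");
    const headers = parseHeaders(headerLines, policy);
    const length = Number(headers.get("content-length") ?? 0);
    const bodyStart = headEnd + CRLF.length * 2;
    requests.push({ method, target, body: raw.slice(bodyStart, bodyStart + length) });
    pos = bodyStart + length;
  }
  return requests;
}

// Constructed sample traffic (all ASCII, so string length equals byte length).
// The inner request is what the attacker wants the back end to execute.
const smuggled = "GET /admin HTTP/1.1" + CRLF + "Host: internal" + CRLF + CRLF;

const raw =
  "POST / HTTP/1.1" + CRLF +
  "Host: example.test" + CRLF +
  "Content-Length : " + smuggled.length + CRLF + // note the space before the colon
  CRLF +
  smuggled;

// Returns how each policy frames the same bytes, so the desync is visible.
function compareFraming(stream) {
  const result = {};
  for (const policy of ["trim", "ignore"]) {
    result[policy] = splitRequests(stream, policy).map((r) => `${r.method} ${r.target}`);
  }
  try {
    splitRequests(stream, "reject");
    result.reject = "accepted";
  } catch (e) {
    result.reject = "rejected: " + e.message;
  }
  return result;
}

console.log(compareFraming(raw));
// A front end using "trim" forwards one POST whose body is the whole inner
// request; a back end using "ignore" sees two requests, the second being
// GET /admin. Only "reject" refuses the ambiguous message outright.
```

The point of the "reject" policy is that normalising or silently ignoring a malformed framing header is never safe: either choice leaves some other hop free to pick the opposite interpretation, and the only behaviour that removes the ambiguity is to fail the request.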

Group     Package              Affected    Fixed       Severity  Status
AVG-2854  nodejs-lts-hydrogen  18.18.2-2   18.20.1-1   High      Vulnerable
AVG-2853  nodejs-lts-iron      20.11.1-1   20.12.1-1   High      Vulnerable
AVG-2852  nodejs               21.7.1-1    21.7.2-1    High      Vulnerable

https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium