A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).
A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959 https://hackerone.com/reports/1238099 https://hackerone.com/reports/1238709 https://github.com/nodejs/node/commit/af488f8dc82d69847992ea1cd2f53dc8082b3b91 https://github.com/nodejs/node/commit/8c254ca7e4693fb778d808fa835b095de6c9fdd4 https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0