Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-22960

A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

Source

Severity Medium

Remote Yes

Type Url request injection

Description

A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

AVG-2460 nodejs 16.11.0-1 Medium Vulnerable

AVG-2285 nodejs-lts-erbium 12.22.4-2 High Vulnerable

AVG-2284 nodejs-lts-fermium 14.17.4-1 High Vulnerable

https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
https://hackerone.com/reports/1238099
https://hackerone.com/reports/1238709
https://github.com/nodejs/node/commit/af488f8dc82d69847992ea1cd2f53dc8082b3b91
https://github.com/nodejs/node/commit/8c254ca7e4693fb778d808fa835b095de6c9fdd4
https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect