The Update method in src/node_http_parser.cc in Node.js prior to 0.6.17 and 0.7 prior to 0.7.8 does not properly check the length of a string, which allows remote malicious users to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero-length string.
Vulnerable Product |
---|
nodejs nodejs |
nodejs nodejs 0.7.6 |
nodejs nodejs 0.7.4 |
nodejs nodejs 0.7.5 |
nodejs nodejs 0.7.3 |
nodejs nodejs 0.7.0 |
nodejs nodejs 0.7.2 |
nodejs nodejs 0.7.7 |
nodejs nodejs 0.7.1 |