Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-27982

Опубликовано: 07 мая 2024
Источник: debian
EPSS Низкий

Описание

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nodejsfixed18.20.1+dfsg-1package

Примечания

  • https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/

  • Fixed by: https://github.com/nodejs/node/commit/5d4d5848cf557fba6dc0bfdd020471ea607950ca (v18.20.1)

EPSS

Процентиль: 39%
0.00168
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-27982

CVSS3: 6.5
ubuntu
около 1 года назад

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

redhat логотип

CVE-2024-27982

CVSS3: 6.1
redhat
около 1 года назад

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

nvd логотип

CVE-2024-27982

CVSS3: 6.5
nvd
около 1 года назад

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

msrc логотип

CVE-2024-27982

CVSS3: 6.5
msrc
около 1 года назад

Описание отсутствует

github логотип

GHSA-hg6j-8h7m-3w3j

CVSS3: 6.5
github
около 1 года назад

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

EPSS

Процентиль: 39%
0.00168
Низкий