Описание
on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions <1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead(). Users should upgrade to version 1.1.0 to receive a patch. Uses are strongly encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object to response.writeHead() rather than an array.
Ссылки
EPSS
3.4 Low
CVSS3
Дефекты
Связанные уязвимости
A header modification flaw has been discovered in the on-headers npm library. In specific cases, response headers may be inadvertently modified when an array is passed to `response.writeHead()`.
on-headers is a node.js middleware for listening to when a response wr ...
on-headers is vulnerable to http response header manipulation
EPSS
3.4 Low
CVSS3