Описание
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 8.10.0~dfsg-2 |
| cosmic | not-affected | 8.11.2~dfsg-1 |
| devel | not-affected | 8.11.2~dfsg-1 |
| disco | not-affected | 8.11.2~dfsg-1 |
| eoan | not-affected | 8.11.2~dfsg-1 |
| esm-apps/bionic | not-affected | 8.10.0~dfsg-2 |
| esm-apps/focal | not-affected | 8.11.2~dfsg-1 |
| esm-apps/jammy | not-affected | 8.11.2~dfsg-1 |
| esm-apps/noble | not-affected | 8.11.2~dfsg-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
EPSS
4.3 Medium
CVSS2
7.5 High
CVSS3