Описание
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 10.15.1~dfsg-5 |
| disco | not-affected | 10.15.1~dfsg-5 |
| eoan | not-affected | 10.15.1~dfsg-5 |
| esm-apps/bionic | released | 8.10.0~dfsg-2ubuntu0.4+esm1 |
| esm-apps/focal | not-affected | 10.15.1~dfsg-5 |
| esm-apps/jammy | not-affected | 10.15.1~dfsg-5 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ...
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
5 Medium
CVSS2
7.5 High
CVSS3