Количество 11
Количество 11
BDU:2025-10618
Уязвимость модели разрешений программной платформы Node.js, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю обойти существующие ограничения безопасности и отправлять несанкционированные запросы
ROS-20251006-11
Множественные уязвимости libuv
ROS-20251006-10
Множественные уязвимости nodejs20
ROS-20251006-09
Множественные уязвимости nodejs
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP ...
GHSA-hchw-qwx7-4w4c
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
SUSE-SU-2025:02045-1
Security update for nodejs20
SUSE-SU-2025:02039-1
Security update for nodejs20
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2025-10618 Уязвимость модели разрешений программной платформы Node.js, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю обойти существующие ограничения безопасности и отправлять несанкционированные запросы | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | ROS-20251006-11 Множественные уязвимости libuv | CVSS3: 7.5 | 29 дней назад | |
| ROS-20251006-10 Множественные уязвимости nodejs20 | CVSS3: 7.5 | 29 дней назад | |
| ROS-20251006-09 Множественные уязвимости nodejs | CVSS3: 7.5 | 29 дней назад | |
 | CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP ... | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| GHSA-hchw-qwx7-4w4c A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:02045-1 Security update for nodejs20 | 5 месяцев назад | ||
| SUSE-SU-2025:02039-1 Security update for nodejs20 | 5 месяцев назад |
Уязвимостей на страницу