CVE-2016-2086: Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks…

high7.5CVSS 3.0

AVNACLPRNUINSUCNIHAN

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Affected

80 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	xcode	—	—
debian	nodejs	< nodejs 4.3.0~dfsg-1 (bookworm)	nodejs 4.3.0~dfsg-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—
nodejs	node.js	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

osv7.5HIGH