CVE-2018-12116: Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for…

high7.5CVSS 3.1

AVNACLPRNUINSUCNIHAN

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
debian	nodejs	< nodejs 10.15.0~dfsg-6 (bookworm)	nodejs 10.15.0~dfsg-6 (bookworm)
msrc	cm1_nodejs_14.17.2-1_on_cbl_mariner_1.0	—	—
nodejs	node.js	6.0.0 – 6.8.1	—
nodejs	node.js	>= 6.9.0 < 6.15.0	6.15.0
nodejs	node.js	8.0.0 – 8.8.1	—
nodejs	node.js	>= 8.9.0 < 8.14.0	8.14.0
nodejs	nodejs	>= 0 < 10.15.0~dfsg-6	10.15.0~dfsg-6
nodejs	nodejs	>= 0 < 10.15.0~dfsg-6	10.15.0~dfsg-6
nodejs	nodejs	>= 0 < 10.15.0~dfsg-6	10.15.0~dfsg-6
nodejs	nodejs	>= 0 < 10.15.0~dfsg-6	10.15.0~dfsg-6
nodejs	nodejs	>= 0 < 0.10.25~dfsg2-2ubuntu1.2+esm1	0.10.25~dfsg2-2ubuntu1.2+esm1
nodejs	nodejs	>= 0 < 4.2.6~dfsg-1ubuntu4.2+esm1	4.2.6~dfsg-1ubuntu4.2+esm1
nodejs	nodejs	>= 0 < 8.10.0~dfsg-2ubuntu0.4+esm1	8.10.0~dfsg-2ubuntu0.4+esm1
nodejs	undici	>= 0 < 5.8.0	5.8.0
suse	suse_enterprise_storage	—	—
suse	suse_linux_enterprise_server	—	—
suse	suse_linux_enterprise_server	—	—
suse	suse_openstack_cloud	—	—
suse	suse_openstack_cloud	—	—
the_node.js_project	node.js	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

ghsa7.5HIGH

osv7.5HIGH