CVE-2024-27982
published 2024-05-07


Medium 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Affected

31 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | < nodejs 18.20.4+dfsg-1~deb12u1 (bookworm) | nodejs 18.20.4+dfsg-1~deb12u1 (bookworm) |
| msrc | azl3_nodejs_20.10.0-2_on_azure_linux_3.0 | | |
| msrc | azl3_nodejs_20.14.0-1_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_nodejs18_18.18.2-7_on_cbl_mariner_2.0 | | |
| msrc | cbl2_nodejs18_18.20.2-1_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| nodejs | node | >= 10.0 < 10.* | 10.* |
| nodejs | node | >= 11.0 < 11.* | 11.* |
| nodejs | node | >= 12.0 < 12.* | 12.* |
| nodejs | node | >= 13.0 < 13.* | 13.* |
| nodejs | node | >= 14.0 < 14.* | 14.* |
| nodejs | node | >= 15.0 < 15.* | 15.* |
| nodejs | node | >= 16.0 < 16.* | 16.* |
| nodejs | node | >= 17.0 < 17.* | 17.* |
| nodejs | node | >= 18.0 < 18.20.1 | 18.20.1 |
| nodejs | node | >= 19.0 < 19.* | 19.* |
| nodejs | node | >= 20.0 < 20.12.1 | 20.12.1 |
| nodejs | node | >= 21.0 < 21.7.2 | 21.7.2 |
| nodejs | node | >= 4.0 < 4.* | 4.* |
| nodejs | node | >= 5.0 < 5.* | 5.* |
| nodejs | node | >= 6.0 < 6.* | 6.* |
| nodejs | node | >= 7.0 < 7.* | 7.* |

CVSS provenance

nvd: v3.0, 6.5 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
osv: 6.5 MEDIUM