20 lines
1.1 KiB
Markdown
20 lines
1.1 KiB
Markdown
|
---
|
||
|
|
title: IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!
|
||
|
|
tags:
|
||
|
|
- cybersecurity
|
||
|
|
- node.js
|
||
|
|
category: Notices
|
||
|
|
thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer.png
|
||
|
|
date: 2024-04-03 18:58:00
|
||
|
|
---
|
||
|
|
|
||
|
|
**IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!**
|
||
|
|
|
||
|
|
Older versions of Node.JS had a [CVE-2024-27982 vulnerability](https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium), which involves placing a space before _Content-Length_ header, enabling attackers to smuggle in a second request.
|
||
|
|
|
||
|
|
The original vulnerability description:
|
||
|
|
|
||
|
|
_The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first._
|
||
|
|
|
||
|
|
Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.
|