---
title: IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!
tags:
  - cybersecurity
  - node.js
category: Notices
thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer.png
date: 2024-04-03 18:58:00
---

**IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!**

Older versions of Node.JS had a [CVE-2024-27982 vulnerability](https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium), which involves placing a space before _Content-Length_ header, enabling attackers to smuggle in a second request.

The original vulnerability description:

_The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first._

Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.