svrjs-blog/source/_posts/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer.md at main

Archived

This repository has been archived on 2024-09-12. You can view files and clone it, but cannot push or open issues or pull requests.

Dorian Niemiec 113396aecb Add a post about path traversal attacks

2024-04-06 20:14:08 +02:00

1.1 KiB

Raw Permalink Blame History

title

category

thumbnail

date

IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!

cybersecurity

node.js

Notices

/images/covers/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer.png

2024-04-03 18:58:00

IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!

Older versions of Node.JS had a CVE-2024-27982 vulnerability, which involves placing a space before Content-Length header, enabling attackers to smuggle in a second request.

The original vulnerability description:

The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.

1.1 KiB Raw Permalink Blame History

1.1 KiB

Raw Permalink Blame History