This repository has been archived on 2024-09-12. You can view files and clone it, but cannot push or open issues or pull requests.
svrjs-blog/source/_posts/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer.md

19 lines
1.1 KiB
Markdown

---
title: IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!
tags:
- cybersecurity
- node.js
category: Notices
thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer.png
date: 2024-04-03 18:58:00
---
**IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!**
Older versions of Node.JS had a [CVE-2024-27982 vulnerability](https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium), which involves placing a space before _Content-Length_ header, enabling attackers to smuggle in a second request.
The original vulnerability description:
_The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first._
Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.