HTTP request smuggling vulnerability in Node.js - CVE-2024-27982| ID: oval:org.secpod.oval:def:99045 | Date: (C)2024-04-15 (M)2024-04-15 |
| Class: VULNERABILITY | Family: macos |
The host is installed with Node.js 18.x before 18.20.1, 20.x before 20.12.1, or 21.x before 21.7.2 and is prone to a HTTP request smuggling vulnerability. A flaw is present in the application which fails to handle malformed headers. Successful exploitation could allow an attacker to smuggle in a second request within the body of the first.
| Platform: |
| Apple Mac OS 14 |
| Apple Mac OS 13 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X 10.14 |
| Apple Mac OS X 10.15 |
| Apple Mac OS 11 |
| Apple Mac OS 12 |
