皇上,还记得我吗?我就是1999年那个Linux伊甸园啊-----24小时滚动更新开源资讯,全年无休!

Node 12.22.7(LTS) 14.18.1(LTS) 16.11.1发布

12 Oct Node v12.22.7 (LTS)

  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Read more…

Node v14.18.1 (LTS)

  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Read more…

Node v16.11.1 (Current)

  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Read more…

转自 https://nodejs.org/en/blog/

分享到:更多 ()