Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC 7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all active Node.js versions: v16, v18, and v20.
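A strict header splitter that accepts only CRLF as the delimiter and rejects a bare CR, the case described above; this is an added example, not code from Node.js or llhttp. The function names, the sample requests and the `X-Demo`/`X-Hidden` headers are constructed for illustration, and flagging a bare LF as well is a stricter policy choice made here.

```javascript
// Added example: detect header sections that use anything other than CRLF.
const CR = 0x0d, LF = 0x0a;
const toBuf = (raw) => (Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1'));

// Return every CR not followed by LF, and every LF not preceded by CR,
// inside the header section (everything up to the first CRLF CRLF).
// The body is not inspected: it may legitimately contain lone CR or LF bytes.
function findBareLineBreaks(raw) {
  const buf = toBuf(raw);
  const end = buf.indexOf('\r\n\r\n');
  const head = end === -1 ? buf : buf.subarray(0, end + 4);
  const findings = [];
  for (let i = 0; i < head.length; i++) {
    if (head[i] === CR && head[i + 1] !== LF) {
      findings.push({ offset: i, kind: 'bare CR' });
    } else if (head[i] === LF && (i === 0 || head[i - 1] !== CR)) {
      findings.push({ offset: i, kind: 'bare LF' });
    }
  }
  return findings;
}

// Split the header section on CRLF only; refuse the message if any other
// line break is present, so that this parser and a lenient one downstream
// can never disagree about where a header field ends.
function splitHeaderLinesStrict(raw) {
  const [first] = findBareLineBreaks(raw);
  if (first) throw new Error(`${first.kind} at byte ${first.offset}: reject with 400`);
  const text = toBuf(raw).toString('latin1');
  const end = text.indexOf('\r\n\r\n');
  return (end === -1 ? text : text.slice(0, end)).split('\r\n');
}

// Constructed samples, not captured traffic.
const strictRequest =
  'GET / HTTP/1.1\r\nHost: example.test\r\nX-Demo: one\r\n\r\n';
// Same request, but a lone CR sits between two header fields. A parser that
// treats CR as a delimiter sees two fields; a strict parser sees one.
const lenientRequest =
  'GET / HTTP/1.1\r\nHost: example.test\r\nX-Demo: one\rX-Hidden: two\r\n\r\n';

console.log(splitHeaderLinesStrict(strictRequest));
console.log(findBareLineBreaks(lenientRequest));
```

Running the same check at a proxy or in request logging gives a signal for traffic that strict and lenient parsers would frame differently.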
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
nodejs security vulnerability
Vulnerability Description
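Node.js is an open-source, cross-platform JavaScript runtime environment. nodejs has a security vulnerability that stems from not strictly using the CRLF sequence to delimit HTTP requests, which may lead to HTTP request smuggling (HRS).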
CVSS Information
N/A
Vulnerability Type
N/A