Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`. * This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Node.js 安全漏洞
Vulnerability Description
Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js 20.x版本、22.x版本、24.x版本和25.x版本存在安全漏洞,该漏洞源于HTTP请求处理不当,当请求头名为__proto__且应用程序访问req.headersDistinct时,可能导致未捕获的TypeError和进程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A