CVE-2020-8287
CVSS v3.1
6.5 (Medium)
CVSS v2.0
6.4 (Medium)
EPSS
0.81 % (82th)
Affected Products
5
Advisories
34
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
Weaknesses
- CWE-444
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
- CVE Status
- PUBLISHED
- CNA
- HackerOne
- Published Date
-
2021-01-06 21:15:14
(3 years ago) - Updated Date
-
2023-11-07 03:26:19
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...