[FEDORA-2021-cbad295a90] Fedora 33: nodejs
Severity: Medium
Affected Packages: 1
CVEs: 2

2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams

This is a security release.

### Notable changes

* CVE-2021-22959: HTTP Request Smuggling due to space in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Package | Affected Version |
---|---|
pkg:rpm/fedora/nodejs?distro=fedora-33 | < 14.18.1.1.fc33 |
- ID: FEDORA-2021-cbad295a90
- Severity: medium
- Severity from: CVE-2021-22959
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2021-cbad295a90
- Published: 2021-10-23T03:25:54
- Modified: 2021-10-23T03:25:54
- Rights: Copyright 2021 Red Hat, Inc.
- Other Advisories:
  - ALPINE:CVE-2021-22959
  - ALPINE:CVE-2021-22960
  - ALSA-2021:5171
  - ALSA-2022:0350
  - ASA-202110-4
  - DSA-5170-1
  - ELSA-2021-5171
  - ELSA-2022-0350
  - FEDORA-2021-9807b754d9
  - FEDORA-2021-9818cabe0d
  - FREEBSD:A9C5E89D-2D15-11EC-8363-0022489AD614
  - GLSA-202405-29
  - openSUSE-SU-2021:1552-1
  - openSUSE-SU-2021:1574-1
  - openSUSE-SU-2021:3940-1
  - openSUSE-SU-2021:3964-1
  - RHEA-2022:5139
  - RHSA-2021:5171
  - RHSA-2022:0350
  - RLEA-2022:5139
  - RLSA-2021:5171
  - RLSA-2022:0350
  - SUSE-SU-2021:3886-1
  - SUSE-SU-2021:3940-1
  - SUSE-SU-2021:3964-1
  - SUSE-SU-2022:0101-1
  - SUSE-SU-2022:2855-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 2014059 | Bug #2014059 - CVE-2021-22960 llhttp: HTTP Request Smuggling when parsing the body | https://bugzilla.redhat.com/show_bug.cgi?id=2014059 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/nodejs?distro=fedora-33 | fedora | nodejs | < 14.18.1.1.fc33 | fedora-33 | | |