[FEDORA-2021-cbad295a90] Fedora 33: nodejs

Severity Medium
Affected Packages 1
CVEs 2

2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams

This is a security release.

### Notable changes

* CVE-2021-22959: HTTP Request Smuggling due to space in headers (Medium)
  * The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
  * The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
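The following is an added example, not code from Node.js or llhttp: a small lint for raw HTTP/1.1 requests that flags the two input patterns named in the notes above, so a defender can check captured traffic or test fixtures in front of an unpatched parser. Function name, rule labels and sample request are assumptions; chunk extensions are legal HTTP, so that finding marks a request for review and is not an error in itself.

```javascript
// Added example: names, rule labels and the sample request are constructed.
// Assumes ASCII input so string offsets equal byte offsets.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 field-name token

function lintRequest(raw) {
  const findings = [];
  const sep = raw.indexOf('\r\n\r\n');
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep + 4);
  let chunked = false;

  for (const line of head.split('\r\n').slice(1)) { // skip the request line
    const colon = line.indexOf(':');
    if (colon === -1) { findings.push({ rule: 'no-colon', line }); continue; }
    const name = line.slice(0, colon);
    if (/[ \t]$/.test(name)) {
      // CVE-2021-22959 pattern: SP/HTAB between header name and colon
      findings.push({ rule: 'space-before-colon', line });
    } else if (!TOKEN.test(name)) {
      findings.push({ rule: 'bad-field-name', line });
    }
    if (name.trim().toLowerCase() === 'transfer-encoding' &&
        /\bchunked\b/i.test(line.slice(colon + 1))) chunked = true;
  }

  // CVE-2021-22960 pattern: walk chunk-size lines and report any extension
  for (let pos = 0; chunked && pos < body.length;) {
    const eol = body.indexOf('\r\n', pos);
    if (eol === -1) break;
    const sizeLine = body.slice(pos, eol);
    const m = /^([0-9A-Fa-f]+)([\s\S]*)$/.exec(sizeLine);
    if (!m) { findings.push({ rule: 'bad-chunk-size', line: sizeLine }); break; }
    if (m[2] !== '') findings.push({ rule: 'chunk-extension', line: sizeLine });
    const size = parseInt(m[1], 16);
    if (size === 0) break;            // last-chunk
    pos = eol + 2 + size + 2;         // size line CRLF + data + CRLF
  }
  return findings;
}

// Constructed sample showing both patterns in one request
const sample = 'POST / HTTP/1.1\r\nHost: example.test\r\n' +
  'Transfer-Encoding : chunked\r\n\r\n5;x=1\r\nhello\r\n0\r\n\r\n';
console.log(lintRequest(sample));
```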

| Package | Affected Version |
| --- | --- |
| pkg:rpm/fedora/nodejs?distro=fedora-33 | < 14.18.1.1.fc33 |

| Source | # | ID | Name | URL |
| --- | --- | --- | --- | --- |
| Bugzilla | | 2014059 | Bug #2014059 - CVE-2021-22960 llhttp: HTTP Request Smuggling when parsing the body | https://bugzilla.redhat.com/show_bug.cgi?id=2014059 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:rpm/fedora/nodejs?distro=fedora-33 | fedora | nodejs | < 14.18.1.1.fc33 | fedora-33 | | |