| ID |
CVE-2024-27982
|
| Summary |
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | None |
| Impact: | |
| Exploitability: | |
|
| Access |
| Vector | Complexity | Authentication |
|
|
|
|
| Impact |
| Confidentiality | Integrity | Availability |
|
|
|
|
| Last major update |
07-05-2024 - 20:07 |
| Published |
07-05-2024 - 17:15 |
| Last modified |
07-05-2024 - 20:07 |
