| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-15605 | 7.5 |
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
|
07-03-2024 - 21:24 | 07-02-2020 - 15:15 | |
| CVE-2018-12121 | 5.0 |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of
|
06-09-2022 - 17:54 | 28-11-2018 - 17:29 | |
| CVE-2018-7159 | 5.0 |
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Conte
|
13-02-2020 - 15:55 | 17-05-2018 - 14:29 |