VDB
DEBIAN-CVE-2024-27982
DEBIAN-CVE-2024-27982
PUBLISHED
CVSS 6.5 MEDIUM
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
Risk Scores
CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | nodejs | 12.21.0~dfsg-5, 12.22.10~dfsg-1, 12.22.10~dfsg-2 |
| Debian:14 | nodejs | 0, 0 |
| Debian:13 | nodejs | 0, 0 |
| Debian:12 | nodejs | 0, 18.13.0+dfsg1-1, 18.13.0+dfsg1-1.1 |
Timeline
- May 7, 2024 CVE Published
- Apr 28, 2026 CVE Updated