VDB

GCVE-VVD-MAGEIA-2017-204

GCVE-VVD-MAGEIA-2017-204
Advisory Published
Vulnetix · Advisory published July 13, 2017
Node.js has a defect that that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead() on an HTTP response, a new-line character may be used to inject additional responses (CVE-2016-5325). The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate (CVE-2016-7099).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageianodejs0 (affected), 0.10.48-1.mga5 (unaffected)

Aliases

CVE-2016-5325CVE-2016-7099

Transitive aliases

EUVD-2016-7979VVD-GENTOO-2016-595256GHSA-qpf8-fqrf-8p2hVVD-GENTOO-2016-586084EUVD-2016-6276GHSA-79cw-cghj-vx7w

References

Updated nodejs packages fix security vulnerability
advisory
Updated nodejs packages fix security vulnerability
issue
Updated nodejs packages fix security vulnerability
issue
Updated nodejs packages fix security vulnerability
issue
Updated nodejs packages fix security vulnerability
issue
Updated nodejs packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›