Evan Lucas

**Name of the Vulnerable Software and Affected Versions** Node.js versions 0.10.x through 0.10.46 Node.js versions 0.12.x through 0.12.15 Node.js versions 4.x through 4.5.0 Node.js versions 6.x through 6.6.0 **Description** A CRLF injection issue exists in the ServerResponse#writeHead function, allowing remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. **Recommendations** For Node.js versions 0.10.x through 0.10.46, update to version 0.10.47 or later. For Node.js versions 0.12.x through 0.12.15, update to version 0.12.16 or later. For Node.js versions 4.x through 4.5.0, update to version 4.6.0 or later. For Node.js versions 6.x through 6.6.0, update to version 6.7.0 or later.