Node.Js · Node.Js · CVE-2016-2216
**Name of the Vulnerable Software and Affected Versions**
Node.js versions 0.10.x before 0.10.42
Node.js versions 0.11.6 through 0.11.16
Node.js versions 0.12.x before 0.12.10
Node.js versions 4.x before 4.3.0
Node.js versions 5.x before 5.6.0
**Description**
The issue allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header. This can be demonstrated by using characters such as %c4%8d%c4%8a.
**Recommendations**
For Node.js versions 0.10.x before 0.10.42, update to version 0.10.42 or later.
For Node.js versions 0.11.6 through 0.11.16, update to a version outside of this range, such as version 0.11.17 or later.
For Node.js versions 0.12.x before 0.12.10, update to version 0.12.10 or later.
For Node.js versions 4.x before 4.3.0, update to version 4.3.0 or later.
For Node.js versions 5.x before 5.6.0, update to version 5.6.0 or later.