Node.js · Node.js · CVE-2024-27982
**Name of the Vulnerable Software and Affected Versions**
Node.js versions prior to the fixed version
**Description**
The issue stems from insufficient handling of HTTP requests in the Node.js platform, which allows a remote attacker to send a hidden HTTP request, an attack known as HTTP Request Smuggling. It can occur when malformed headers are sent: if a space is placed before a content-length header, the header is not interpreted correctly. This enables an attacker to smuggle a second request within the body of the first.
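The malformed shape described above can be checked for on the raw request head before it reaches an HTTP parser. The following is an added example, not code from Node.js or from this advisory; the function names, host name and sample requests are constructed for illustration, and the reject-on-any-match policy is an assumption.

```javascript
// Added example: flags header lines that begin with SP or HTAB, the malformed
// shape the advisory describes. Function names and samples are constructed.
const FRAMING = /^[ \t]+(content-length|transfer-encoding)[ \t]*:/i;

function findLeadingWhitespaceHeaders(raw) {
  const text = typeof raw === 'string' ? raw : raw.toString('latin1');
  // The header section ends at the first empty line (CRLF CRLF, or bare LF LF).
  const end = text.search(/\r?\n\r?\n/);
  const head = end === -1 ? text : text.slice(0, end);
  const lines = head.split(/\r?\n/);
  const findings = [];
  // lines[0] is the request line; header fields start at index 1.
  for (let i = 1; i < lines.length; i++) {
    const line = lines[i];
    if (!/^[ \t]/.test(line)) continue;
    findings.push({
      line: i + 1, // 1-based line number within the request head
      text: line,
      // A framing header hidden behind whitespace is the dangerous case:
      // one parser may ignore it while another honours it.
      framing: FRAMING.test(line),
    });
  }
  return findings;
}

// Policy assumed here: refuse any request whose header section has such a line.
function shouldReject(raw) {
  return findLeadingWhitespaceHeaders(raw).length > 0;
}

// Constructed samples: identical except for the space before Content-Length.
const malformed =
  'POST /upload HTTP/1.1\r\n' +
  'Host: app.example\r\n' +
  ' Content-Length: 5\r\n' +
  '\r\n' +
  'hello';
const wellFormed =
  'POST /upload HTTP/1.1\r\n' +
  'Host: app.example\r\n' +
  'Content-Length: 5\r\n' +
  '\r\n' +
  'hello';
```

Only the header section is scanned, so a body that happens to contain a line starting with a space does not trigger a finding.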
**Recommendations**
For Node.js versions prior to the fixed version, consider disabling the HTTP server functionality until a patch is available.
Restrict access to the HTTP server to minimize the risk of exploitation.
Avoid using malformed headers, specifically those with a space before a content-length header, in the affected HTTP server until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.