PT-2021-2152 · Node.Js+9

Published: 2020-01-24 · Updated: 2026-05-18 · CVE-2020-8287

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1

Description

The issue is related to inconsistent interpretation of HTTP requests. This can lead to HTTP Request Smuggling when two copies of a header field are present in an HTTP request, such as two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. The exploitation of this issue may allow a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations

For versions before 10.23.1, update to version 10.23.1 or later. For versions before 12.20.1, update to version 12.20.1 or later. For versions before 14.15.4, update to version 14.15.4 or later. For versions before 15.5.1, update to version 15.5.1 or later.
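
The duplicate-header condition from the description can be flagged in front of an unpatched server or during log review. The following is an added example, not code from Node.js or from this advisory; it generalizes the check to Content-Length and to requests carrying both framing headers. The function name findAmbiguousFraming and the sample requests are constructed for illustration.

```javascript
// Added example: report requests whose message-framing headers are ambiguous.
// findAmbiguousFraming and both sample requests are constructed, not from the advisory.
const FRAMING = new Set(['transfer-encoding', 'content-length']);

function findAmbiguousFraming(rawRequest) {
  // The header section ends at the first empty line; line 0 is the request line.
  const head = rawRequest.split('\r\n\r\n')[0];
  const lines = head.split('\r\n').slice(1);
  const seen = new Map(); // lower-cased field name -> values in order of appearance
  const findings = [];

  for (const line of lines) {
    const colon = line.indexOf(':');
    if (colon <= 0) {
      findings.push(`malformed header line: ${JSON.stringify(line)}`);
      continue;
    }
    // Field names are case-insensitive, so compare them lower-cased.
    const name = line.slice(0, colon).trim().toLowerCase();
    if (!FRAMING.has(name)) continue;
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(line.slice(colon + 1).trim());
  }

  // Two copies of a framing header: one parser may use the first, another the last.
  for (const [name, values] of seen) {
    if (values.length > 1) {
      findings.push(`duplicate ${name}: ${values.join(' | ')}`);
    }
  }
  // Both framing headers at once is equally ambiguous between intermediaries.
  if (seen.has('transfer-encoding') && seen.has('content-length')) {
    findings.push('both transfer-encoding and content-length present');
  }
  return findings;
}

// Constructed samples: a normal request and one with two Transfer-Encoding fields.
const okRequest =
  'POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello';
const dupRequest =
  'POST /api HTTP/1.1\r\nHost: example.test\r\n' +
  'Transfer-Encoding: chunked\r\nTransfer-Encoding: chunked\r\n\r\n';

console.log(findAmbiguousFraming(okRequest));
console.log(findAmbiguousFraming(dupRequest));
```

A request that produces any finding is a candidate for rejection with a 400 response at the edge, which removes the disagreement between front end and back end regardless of the Node.js version behind it.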

Exploit

Fix

HTTP Request/Response Smuggling


Weakness Enumeration

Related Identifiers

ALSA-2021:0548
ALSA-2021:0549
ALSA-2021:0551
ALT-PU-2020-1090
ALT-PU-2021-1226
ALT-PU-2021-1493
ALT-PU-2022-3073
BDU:2021-01025
BIT-NODE-2020-8287
BIT-NODE-MIN-2020-8287
CESA-2021_0548
CESA-2021_0549
CESA-2021_0551
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2020-8287
DLA-3224-1
DSA-4826-1
MGASA-2021-0069
MGASA-2022-0393
OESA-2021-1058
OPENSUSE-SU-2021:0064-1
OPENSUSE-SU-2021:0065-1
OPENSUSE-SU-2021:0066-1
OPENSUSE-SU-2021:0082-1
OPENSUSE-SU-2021:0195-1
OPENSUSE-SU-2021_0064-1
OPENSUSE-SU-2021_0065-1
OPENSUSE-SU-2021_0066-1
OPENSUSE-SU-2021_0082-1
OPENSUSE-SU-2021_0195-1
OPENSUSE-SU-2024:11096-1
RHSA-2021:0421
RHSA-2021:0485
RHSA-2021:0521
RHSA-2021:0548
RHSA-2021:0549
RHSA-2021:0551
RHSA-2021_0548
RHSA-2021_0549
RHSA-2021_0551
RLSA-2021:0548
RLSA-2021:0549
RLSA-2021:0551
SUSE-SU-2021:0060-1
SUSE-SU-2021:0061-1
SUSE-SU-2021:0062-1
SUSE-SU-2021:0068-1
SUSE-SU-2021:0082-1
SUSE-SU-2021:0107-1
SUSE-SU-2021:0121-1
SUSE-SU-2021:0224-1
SUSE-SU-2021_0121-1
SUSE-SU-2021_0224-1
USN-5563-1
USN-6380-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Node.Js
Red Hat
Rocky Linux
Suse
Ubuntu