CVE-2021-22959 - log

CVE-2021-22959 edited at 12 Oct 2021 16:42:11
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Url request injection
Description
+ A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).
References
+ https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959
+ https://hackerone.com/reports/1238099
+ https://hackerone.com/reports/1238709
+ https://github.com/nodejs/node/commit/af488f8dc82d69847992ea1cd2f53dc8082b3b91
+ https://github.com/nodejs/node/commit/8c254ca7e4693fb778d808fa835b095de6c9fdd4
+ https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0
Notes
CVE-2021-22959 created at 12 Oct 2021 16:36:13