---

CVE-2021-22959 - log back

CVE-2021-22959 edited at 12 Oct 2021 16:42:11
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Url request injection
Description	+ A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).
References	+ https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959 + https://hackerone.com/reports/1238099 + https://hackerone.com/reports/1238709 + https://github.com/nodejs/node/commit/af488f8dc82d69847992ea1cd2f53dc8082b3b91 + https://github.com/nodejs/node/commit/8c254ca7e4693fb778d808fa835b095de6c9fdd4 + https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0
Notes

CVE-2021-22959 created at 12 Oct 2021 16:36:13