CVE-2021-22960 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Url request injection |
Description | A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2460 | nodejs | 16.11.0-1 | 16.11.1-1 | Medium | Fixed | |
AVG-2285 | nodejs-lts-erbium | 12.22.4-2 | 12.22.7-1 | High | Fixed | FS#72412 |
AVG-2284 | nodejs-lts-fermium | 14.17.4-1 | 14.18.1-1 | High | Fixed | FS#72413 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
21 Oct 2021 | ASA-202110-6 | AVG-2285 | nodejs-lts-erbium | High | multiple issues |
21 Oct 2021 | ASA-202110-5 | AVG-2284 | nodejs-lts-fermium | High | multiple issues |
21 Oct 2021 | ASA-202110-4 | AVG-2460 | nodejs | Medium | url request injection |