CVE-2024-27982 - log

CVE-2024-27982 edited at 03 Apr 2024 16:03:53
References
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium
+ https://github.com/nodejs/node/commit/1a65e98e22
+ https://github.com/nodejs/node/commit/5e34540a96
+ https://github.com/nodejs/node/commit/5d4d5848cf
Notes
+ This vulnerability affects all users in all active release lines: 18.x, 20.x, and 21.x.
CVE-2024-27982 created at 03 Apr 2024 15:44:01
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ The team has identified a vulnerability in the HTTP server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
+
+ Impacts: This vulnerability affects all users in all active release lines: 18.x, 20.x, and 21.x.
References
+ https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium
Notes