Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-8287HistoryJan 06, 2021 - 9:15 p.m.
CVE-2020-8287
2021-01-0621:15:14
Debian Security Bug Tracker
security-tracker.debian.org
15
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.008 Low
EPSS
Percentile
81.9%
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | http-parser | < 2.9.4-5 | http-parser_2.9.4-5_all.deb |
| Debian | 11 | all | http-parser | < 2.9.4-4+deb11u1 | http-parser_2.9.4-4+deb11u1_all.deb |
| Debian | 999 | all | http-parser | < 2.9.4-5 | http-parser_2.9.4-5_all.deb |
| Debian | 13 | all | http-parser | < 2.9.4-5 | http-parser_2.9.4-5_all.deb |
| Debian | 12 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
| Debian | 11 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
| Debian | 999 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
| Debian | 13 | all | nodejs | < 12.20.1~dfsg-1 | nodejs_12.20.1~dfsg-1_all.deb |
Related
nessus
nessus
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:0121-1)
2021-01-15 00:00:00
openSUSE Security Update : nodejs8 (openSUSE-2021-195)
2021-02-01 00:00:00
Photon OS 3.0: Nodejs PHSA-2021-3.0-0213
2021-04-01 00:00:00
osv
osv
BIT-node-2020-8287
2024-03-06 11:07:21
http-parser - security update
2022-12-05 00:00:00
CVE-2020-8287
2021-01-06 21:15:14
cve
cve
CVE-2020-8287
2021-01-06 21:15:14
redhatcve
redhatcve
CVE-2020-8287
2021-01-05 14:33:28
alpinelinux
alpinelinux
CVE-2020-8287
2021-01-06 21:15:14
prion
prion
Design/Logic Flaw
2021-01-06 21:15:00
debian
debian
[SECURITY] [DLA 3224-1] http-parser security update
2022-12-05 13:03:06
[SECURITY] [DSA 4826-1] nodejs security update
2021-01-06 22:02:35
suse
suse
Security update for nodejs8 (moderate)
2021-01-30 00:00:00
Security update for nodejs10 (moderate)
2021-01-15 00:00:00
Security update for nodejs14 (moderate)
2021-01-15 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3224-1)
2022-12-06 00:00:00
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2021:0195-1)
2021-04-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0121-1)
2021-06-09 00:00:00
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Nodejs Node.Js
2021-01-05 02:09:23
ibm
ibm
veracode
veracode
HTTP Request Smuggling
2021-01-06 04:57:20
ubuntu
ubuntu
http-parser vulnerability
2022-08-10 00:00:00
Node.js vulnerabilities
2023-09-19 00:00:00
mageia
mageia
Updated http-parser packages fix security vulnerability
2022-10-28 09:54:08
Updated nodejs packages fix security vulnerabilities
2021-02-05 14:54:53
cvelist
cvelist
CVE-2020-8287
2021-01-06 00:00:00
hackerone
hackerone
Node.js: Potential HTTP Request Smuggling in nodejs
2020-10-08 05:24:20
nvd
nvd
CVE-2020-8287
2021-01-06 21:15:14
ubuntucve
ubuntucve
CVE-2020-8287
2021-01-06 00:00:00
archlinux
archlinux
[ASA-202101-13] nodejs-lts-dubnium: multiple issues
2021-01-12 00:00:00
[ASA-202101-16] nodejs: multiple issues
2021-01-12 00:00:00
[ASA-202101-14] nodejs-lts-erbium: multiple issues
2021-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33
2021-01-10 01:28:45
[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32
2021-01-16 01:23:44
nodejsblog
nodejsblog
January 2021 Security Releases
2021-01-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0213
2021-03-31 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0373
2021-03-22 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0213
2021-03-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package node version 14.15.4-alt1
2021-02-05 00:00:00
Security fix for the ALT Linux 10 package node version 14.15.4-alt1
2021-02-05 00:00:00
freebsd
freebsd
Node.js -- January 2021 Security Releases
2021-01-04 00:00:00
oraclelinux
oraclelinux
nodejs:12 security update
2021-02-20 00:00:00
nodejs:14 security and bug fix update
2021-02-20 00:00:00
nodejs:10 security update
2021-02-20 00:00:00
almalinux
almalinux
Moderate: nodejs:12 security update
2021-02-16 07:34:29
Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
Moderate: nodejs:10 security update
2021-02-16 07:34:15
ics
ics
Hitachi Energy Gateway Station (GWS) Product
2022-08-30 12:00:00
Hitachi Energy FACTS Control Platform (FCP) Product
2022-08-30 12:00:00
Hitachi Energy MicroSCADA Pro/X SYS600
2022-04-21 12:00:00
redhat
redhat
(RHSA-2021:0549) Moderate: nodejs:12 security update
2021-02-16 07:34:29
(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update
2021-02-11 13:08:55
(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
rocky
rocky
nodejs:14 security and bug fix update
2021-02-16 07:34:42
nodejs:12 security update
2021-02-16 07:34:29
nodejs:10 security update
2021-02-16 07:34:15
gentoo
gentoo
NodeJS: Multiple vulnerabilities
2021-01-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.008 Low
EPSS
Percentile
81.9%
Related for DEBIANCVE:CVE-2020-8287