A flaw was found in nodejs. Affected versions of Node.js allow two copies of a header field in an HTTP request. The first header field is recognized while the second is ignored leading to HTTP request smuggling. The highest threat from this vulnerability is to data confidentiality and integrity.

References

bugzilla.redhat.com/show_bug.cgi?id=1912863

nvd.nist.gov/vuln/detail/CVE-2020-8287

www.cve.org/CVERecord?id=CVE-2020-8287

nessus 40

osv 12

cve 1

prion 1

alpinelinux 1

debian 2

debiancve 1

suse 5

openvas 21

githubexploit 1

ibm 21

veracode 1

ubuntu 2

mageia 2

cvelist 1

hackerone 1

nvd 1

ubuntucve 1

archlinux 4

fedora 2

nodejsblog 1

photon 7

altlinux 2

freebsd 1

oraclelinux 3

almalinux 3

ics 4

redhat 6

rocky 3

gentoo 1

oracle 1

nessus

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:0121-1)

2021-01-15 00:00:00

openSUSE Security Update : nodejs8 (openSUSE-2021-195)

2021-02-01 00:00:00

Photon OS 3.0: Nodejs PHSA-2021-3.0-0213

2021-04-01 00:00:00

osv

BIT-node-2020-8287

2024-03-06 11:07:21

http-parser - security update

2022-12-05 00:00:00

CVE-2020-8287

2021-01-06 21:15:14

cve

CVE-2020-8287

2021-01-06 21:15:14

prion

Design/Logic Flaw

2021-01-06 21:15:00

alpinelinux

CVE-2020-8287

2021-01-06 21:15:14

debian

[SECURITY] [DLA 3224-1] http-parser security update

2022-12-05 13:03:06

[SECURITY] [DSA 4826-1] nodejs security update

2021-01-06 22:02:35

debiancve

CVE-2020-8287

2021-01-06 21:15:14

suse

Security update for nodejs8 (moderate)

2021-01-30 00:00:00

Security update for nodejs10 (moderate)

2021-01-15 00:00:00

Security update for nodejs14 (moderate)

2021-01-15 00:00:00

openvas

Debian: Security Advisory (DLA-3224-1)

2022-12-06 00:00:00

openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2021:0195-1)

2021-04-16 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:0121-1)

2021-06-09 00:00:00

githubexploit

Exploit for HTTP Request Smuggling in Nodejs Node.Js

2021-01-05 02:09:23

ibm

Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8287)

2021-05-05 12:02:04

Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway

2021-08-16 15:05:23

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities

2021-03-31 15:11:30

veracode

HTTP Request Smuggling

2021-01-06 04:57:20

ubuntu

http-parser vulnerability

2022-08-10 00:00:00

Node.js vulnerabilities

2023-09-19 00:00:00

mageia

Updated http-parser packages fix security vulnerability

2022-10-28 09:54:08

Updated nodejs packages fix security vulnerabilities

2021-02-05 14:54:53

cvelist

CVE-2020-8287

2021-01-06 00:00:00

hackerone

Node.js: Potential HTTP Request Smuggling in nodejs

2020-10-08 05:24:20

nvd

CVE-2020-8287

2021-01-06 21:15:14

ubuntucve

CVE-2020-8287

2021-01-06 00:00:00

archlinux

[ASA-202101-13] nodejs-lts-dubnium: multiple issues

2021-01-12 00:00:00

[ASA-202101-16] nodejs: multiple issues

2021-01-12 00:00:00

[ASA-202101-14] nodejs-lts-erbium: multiple issues

2021-01-12 00:00:00

fedora

[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33

2021-01-10 01:28:45

[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32

2021-01-16 01:23:44

nodejsblog

January 2021 Security Releases

2021-01-04 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0213

2021-03-31 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0373

2021-03-22 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0213

2021-03-31 00:00:00

altlinux

Security fix for the ALT Linux 9 package node version 14.15.4-alt1

2021-02-05 00:00:00

Security fix for the ALT Linux 10 package node version 14.15.4-alt1

2021-02-05 00:00:00

freebsd

Node.js -- January 2021 Security Releases

2021-01-04 00:00:00

oraclelinux

nodejs:12 security update

2021-02-20 00:00:00

nodejs:14 security and bug fix update

2021-02-20 00:00:00

nodejs:10 security update

2021-02-20 00:00:00

almalinux

Moderate: nodejs:12 security update

2021-02-16 07:34:29

Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

Moderate: nodejs:10 security update

2021-02-16 07:34:15

ics

Hitachi Energy Gateway Station (GWS) Product

2022-08-30 12:00:00

Hitachi Energy FACTS Control Platform (FCP) Product

2022-08-30 12:00:00

Hitachi Energy MicroSCADA Pro/X SYS600

2022-04-21 12:00:00

redhat

(RHSA-2021:0549) Moderate: nodejs:12 security update

2021-02-16 07:34:29

(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update

2021-02-11 13:08:55

(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

rocky

nodejs:14 security and bug fix update

2021-02-16 07:34:42

nodejs:12 security update

2021-02-16 07:34:29

nodejs:10 security update

2021-02-16 07:34:15

gentoo

NodeJS: Multiple vulnerabilities

2021-01-11 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for RH:CVE-2020-8287