A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

References

bugzilla.redhat.com/show_bug.cgi?id=2219841

nvd.nist.gov/vuln/detail/CVE-2023-30589

www.cve.org/CVERecord?id=CVE-2023-30589

cbl_mariner 2

openvas 20

nvd 1

alpinelinux 1

osv 13

fedora 8

cgr 1

cvelist 1

debiancve 1

nessus 43

prion 1

github 2

veracode 1

hackerone 2

wolfi 1

ubuntucve 1

cve 1

ubuntu 1

oraclelinux 4

almalinux 4

redhat 6

ibm 13

rocky 2

mageia 1

nodejsblog 1

debian 1

photon 2

gentoo 1

ics 1

oracle 1

cbl_mariner

CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2

2023-09-27 18:02:50

CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2

2023-08-03 02:51:21

openvas

Fedora: Security Advisory for llhttp (FEDORA-2023-105880e618)

2023-08-17 00:00:00

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-f75af676f2)

2023-08-08 00:00:00

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-105880e618)

2023-08-17 00:00:00

nvd

CVE-2023-30589

2023-07-01 00:15:10

alpinelinux

CVE-2023-30589

2023-07-01 00:15:10

osv

llhttp vulnerable to HTTP request smuggling

2023-07-01 00:30:46

CVE-2023-30589

2023-07-01 00:15:10

BIT-node-2023-30589

2024-03-06 11:00:53

fedora

[SECURITY] Fedora 37 Update: python-aiohttp-3.8.5-1.fc37

2023-08-17 00:34:28

[SECURITY] Fedora 38 Update: llhttp-8.1.1-1.fc38

2023-08-07 01:27:34

[SECURITY] Fedora 37 Update: llhttp-8.1.1-1.fc37

2023-08-17 00:34:27

cgr

CVE-2023-30589 vulnerabilities

2024-05-19 03:07:16

cvelist

CVE-2023-30589

2023-06-30 23:39:59

debiancve

CVE-2023-30589

2023-07-01 00:15:10

nessus

Fedora 38 : llhttp / python-aiohttp (2023-f75af676f2)

2023-08-07 00:00:00

Fedora 39 : llhttp / python-aiohttp (2023-ad76deb86e)

2023-11-07 00:00:00

Fedora 37 : llhttp / python-aiohttp (2023-105880e618)

2023-08-17 00:00:00

prion

Crlf injection

2023-07-01 00:15:00

github

llhttp vulnerable to HTTP request smuggling

2023-07-01 00:30:46

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

2023-07-20 14:52:00

veracode

HTTP Request Smuggling (HRS)

2023-07-23 04:52:48

hackerone

Internet Bug Bounty: HTTP Request Smuggling via Empty headers separated by CR

2023-06-21 02:32:11

Node.js: HTTP Request Smuggling via Empty headers separated by CR

2023-05-25 13:38:29

wolfi

CVE-2023-30589 vulnerabilities

2024-07-05 21:08:40

ubuntucve

CVE-2023-30589

2023-07-01 00:00:00

cve

CVE-2023-30589

2023-07-01 00:15:10

ubuntu

Node.js vulnerabilities

2024-04-16 00:00:00

oraclelinux

nodejs security, bug fix, and enhancement update

2023-08-02 00:00:00

nodejs:18 security, bug fix, and enhancement update

2023-08-10 00:00:00

nodejs:16 security, bug fix, and enhancement update

2023-08-10 00:00:00

almalinux

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-08-08 00:00:00

Moderate: nodejs:16 security, bug fix, and enhancement update

2023-08-08 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-07-31 00:00:00

redhat

(RHSA-2023:4331) Moderate: nodejs security, bug fix, and enhancement update

2023-07-31 08:55:53

(RHSA-2023:4330) Moderate: nodejs:18 security, bug fix, and enhancement update

2023-07-31 08:54:02

(RHSA-2023:4536) Moderate: nodejs:18 security, bug fix, and enhancement update

2023-08-08 07:21:44

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to several vulnerabilities in Node.js due to [CVE-2023-30581] [CVE-2023-30588] [CVE-2023-30589] [CVE-2023-30590]

2023-09-07 15:11:40

Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js

2023-10-13 12:54:24

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js

2023-08-01 09:43:58

rocky

nodejs:16 security, bug fix, and enhancement update

2023-08-08 12:34:39

nodejs:18 security, bug fix, and enhancement update

2023-10-06 23:10:12

mageia

Updated nodejs packages fix security vulnerability

2023-07-07 08:54:45

nodejsblog

Tuesday June 20 2023 Security Releases

2023-06-20 00:00:00

debian

[SECURITY] [DSA 5589-1] nodejs security update

2023-12-27 22:12:40

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0606

2023-07-02 00:00:00

Important Photon OS Security Update - PHSA-2023-5.0-0041

2023-06-29 00:00:00

gentoo

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for RH:CVE-2023-30589