node is vulnerable to http request smuggling. The vulnerability exists when there are two or more copies of a header field in a http request and the first header field is identified and the rest are ignored.
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
hackerone.com/reports/1002188
lists.fedoraproject.org/archives/list/[email protected]/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
lists.fedoraproject.org/archives/list/[email protected]/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
nodejs.org/en/blog/vulnerability/january-2021-security-releases/
security.gentoo.org/glsa/202101-07
security.netapp.com/advisory/ntap-20210212-0003/
www.debian.org/security/2021/dsa-4826
www.oracle.com/security-alerts/cpujan2021.html