nodejs is vulnerable to HTTP response splitting. This is due to a lack of validation for permitted characters in the reason
argument in ServerResponse#writeHead()
function. An attacker is able to inject arbitrary HTTP headers into the server response via the affected argument and perform HTTP response splitting attacks.