EPSS
Percentile
77.0%
node is vulnerable to HTTP request smuggling. Lack of validation for forbidden characters in the headers allows a remote attacker to send a request with a crafted Content-Length value to smuggle HTTP requests and bypass access controls.
Content-Length
github.com/nodejs/node/blob/3516052bee118dce767dd330fa857f6615c5b28a/doc/changelogs/CHANGELOG_V012.md
github.com/nodejs/node/commit/7bef1b790727430cb82bf8be80cfe058480de100