HTTP Request Smuggling Vulnerability in Node.js

HTTP Request Smuggling Vulnerability in Node.js

CVE-2020-8287 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

Learn more about our Web Application Penetration Testing UK.