Download
| Alert*
oval:org.secpod.oval:def:127473
An HTTP/1.1 client, written from scratch for Node.js. oval:org.secpod.oval:def:127476 An HTTP/1.1 client, written from scratch for Node.js. oval:org.secpod.oval:def:89051765 This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation * CVE-202 ... oval:org.secpod.oval:def:19500694 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP ... |