Important Update Node.js to 18.20.1, 20.12.1, 21.7.2 or newer

https://blog.svrjs.org/2024/04/03/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer/

IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!

Older versions of Node.JS are affected by CVE-2024-27982, an HTTP request smuggling vulnerability: placing a space before the Content-Length header enables attackers to smuggle in a second request.

The original vulnerability description:

The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Future SVR.JS versions will warn you about this vulnerability in the server logs if you’re running an affected version of Node.JS.
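A startup check along these lines can be added to any Node.JS application. This is an added example, not SVR.JS's own code; the function names are hypothetical, and it assumes that release lines newer than 21.x already include the fix while lines with no fixed release named in this post (17.x and older, 19.x) stay affected.

```javascript
// Added example (not SVR.JS code): classify a Node.JS version against the
// fixed releases named in this post: 18.20.1, 20.12.1 and 21.7.2.
const FIXED_RELEASES = { 18: [18, 20, 1], 20: [20, 12, 1], 21: [21, 7, 2] };

// Parse "v20.11.0" or "20.11.0" into [major, minor, patch]; null if malformed.
function parseVersion(version) {
  const match = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return match ? match.slice(1, 4).map(Number) : null;
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "patched", "affected" or "unknown" (unparseable version string).
function cve202427982Status(version) {
  const parsed = parseVersion(version);
  if (!parsed) return "unknown";
  const fixed = FIXED_RELEASES[parsed[0]];
  if (fixed) return compareVersions(parsed, fixed) >= 0 ? "patched" : "affected";
  // Assumption: majors above 21 ship with the fix; majors with no fixed
  // release listed in the post (17 and below, 19) are treated as affected.
  return parsed[0] > 21 ? "patched" : "affected";
}

// Build the log line to emit at startup, or null when nothing needs saying.
function startupWarning(version) {
  const status = cve202427982Status(version);
  if (status === "patched") return null;
  if (status === "unknown") {
    return `Cannot parse Node.JS version "${version}"; check it against CVE-2024-27982 manually.`;
  }
  return `Node.JS ${version} is affected by CVE-2024-27982 (HTTP request smuggling). ` +
    "Update to 18.20.1, 20.12.1, 21.7.2 or newer.";
}

// Run the check against the interpreter executing this script.
const warning = startupWarning(process.version);
if (warning) console.warn(warning);
```
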

Author: SVR.JS. Publisher: SVR.JS Blog. Published: 2024-04-06T18:13:14.478Z.