{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27982", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-02-29T01:04:06.640Z", "datePublished": "2024-05-07T16:40:02.518Z", "dateUpdated": "2024-08-02T00:41:55.961Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Node.js", "product": "Node", "versions": [{"version": "20.12.0", "status": "affected", "lessThanOrEqual": "20.12.0", "versionType": "semver"}, {"version": "21.7.2", "status": "affected", "lessThanOrEqual": "21.7.2", "versionType": "semver"}, {"version": "18.20.0", "status": "affected", "lessThanOrEqual": "18.20.0", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/2237099"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-05-07T16:40:02.518Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27982", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T18:19:19.540907Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nodejs:node.js:-:*:*:*:*:-:*:*"], "vendor": "nodejs", "product": "node.js", "versions": [{"status": "affected", "version": "20.12.0, 21.7.2, 18.20.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:34.311Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.961Z"}, "title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/2237099", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27982", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-02-29T01:04:06.640Z", "datePublished": "2024-05-07T16:40:02.518Z", "dateUpdated": "2024-06-04T17:46:34.311Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Node.js", "product": "Node", "versions": [{"version": "20.12.0", "status": "affected", "lessThanOrEqual": "20.12.0", "versionType": "semver"}, {"version": "21.7.2", "status": "affected", "lessThanOrEqual": "21.7.2", "versionType": "semver"}, {"version": "18.20.0", "status": "affected", "lessThanOrEqual": "18.20.0", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/2237099"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-05-07T16:40:02.518Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27982", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T18:19:19.540907Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nodejs:node.js:-:*:*:*:*:-:*:*"], "vendor": "nodejs", "product": "node.js", "versions": [{"status": "affected", "version": "20.12.0, 21.7.2, 18.20.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-07T18:18:42.248Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"descriptions": [{"lang": "en", "value": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first."}, {"lang": "es", "value": "El equipo ha identificado una vulnerabilidad cr\u00edtica en el servidor http de la versi\u00f3n m\u00e1s reciente de Node, donde los encabezados con formato incorrecto pueden provocar el contrabando de solicitudes HTTP. Espec\u00edficamente, si se coloca un espacio antes de un encabezado de longitud de contenido, no se interpreta correctamente, lo que permite a los atacantes introducir de contrabando una segunda solicitud dentro del cuerpo de la primera."}], "id": "CVE-2024-27982", "lastModified": "2024-11-21T09:05:33.463", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-05-07T17:15:07.663", "references": [{"source": "support@hackerone.com", "url": "https://hackerone.com/reports/2237099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hackerone.com/reports/2237099"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:2778", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:20-8090020240422150739.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2780", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:18-8090020240429131734.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2779", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs:18-9040020240422140329.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2853", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs:20-9040020240419140200.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:2910", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs-1:16.20.2-8.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-20T00:00:00Z"}, {"advisory": "RHSA-2024:3545", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "nodejs-1:16.20.2-6.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:4559", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "nodejs-1:16.20.2-6.el9_2.3", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-16T00:00:00Z"}], "bugzilla": {"description": "nodejs: HTTP Request Smuggling via Content Length Obfuscation", "id": "2275392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-444", "details": ["The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.", "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27982", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "nodejs:16/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-nodejs14-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27982\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27982\nhttps://nodejs.org/en/blog/vulnerability/april-2024-security-releases"], "statement": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server's handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.", "threat_severity": "Moderate"}