Path to this page:
Subject: CVS commit: pkgsrc/lang/nodejs
From: Adam Ciarcinski
Date: 2021-10-20 11:14:19
Message id: 20211020091420.0B530FA97@cvs.NetBSD.org
Log Message:
nodejs: updated to 14.18.1
Version 14.18.1 'Fermium' (LTS)
This is a security release.
Notable changes
CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name \
before the colon. This can lead to HTTP Request Smuggling (HRS). More details \
will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. \
This leads to HTTP Request Smuggling (HRS) under certain conditions. More \
details will be available at CVE-2021-22960 after publication.
Files: