CVE-2020-8287
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-8287
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8287.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-8287
- Aliases
- Related
- Published
- 2021-01-06T21:15:14Z
- Modified
- 2024-09-11T04:41:53.726255Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
- References
-
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- https://security.gentoo.org/glsa/202101-07
- https://security.netapp.com/advisory/ntap-20210212-0003/
- https://www.debian.org/security/2021/dsa-4826
- https://lists.debian.org/debian-lts-announce/2022/12/msg00009.html
- https://hackerone.com/reports/1002188
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://security.alpinelinux.org/vuln/CVE-2020-8287
- https://security-tracker.debian.org/tracker/CVE-2020-8287
Affected packages
Alpine:v3.11 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.20.1-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.15.0-r0
12.15.0-r1
Alpine:v3.12 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.20.1-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
Alpine:v3.13 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.14 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.15 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.16 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.17 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.18 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.19 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Alpine:v3.20 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:apk/alpine/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15.4-r0
Affected versions
4.*
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0
6.*
6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0
8.*
8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0
8.11.3-r0
8.11.3-r1
8.11.3-r2
8.11.3-r3
8.11.4-r0
8.12.0-r0
10.*
10.13.0-r0
10.14.0-r0
10.14.1-r0
10.14.2-r0
10.15.1-r0
10.15.3-r0
10.16.0-r0
10.16.1-r0
10.16.2-r0
10.16.3-r0
12.*
12.13.0-r0
12.13.0-r1
12.13.1-r0
12.14.0-r0
12.14.1-r0
12.15.0-r0
12.15.0-r1
12.15.0-r2
12.16.2-r0
12.16.3-r0
12.16.3-r1
12.17.0-r0
12.18.0-r0
12.18.0-r1
12.18.0-r2
12.18.2-r0
12.18.3-r0
12.18.4-r0
12.19.0-r0
14.*
14.15.1-r0
14.15.3-r0
14.15.3-r1
14.15.3-r2
Debian:11 / http-parser
Package
- Name
- http-parser
- Purl
- pkg:deb/debian/http-parser?arch=source
Debian:12 / http-parser
Package
- Name
- http-parser
- Purl
- pkg:deb/debian/http-parser?arch=source
Debian:13 / http-parser
Package
- Name
- http-parser
- Purl
- pkg:deb/debian/http-parser?arch=source
Debian:11 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source
Debian:12 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source
Debian:13 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source