MGASA-2016-0080
- Source
- https://advisories.mageia.org/MGASA-2016-0080.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0080.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0080
- Related
- Published
- 2016-02-19T08:40:43Z
- Modified
- 2016-02-19T08:35:10Z
- Summary
- Updated nodejs packages fix security vulnerability
- Details
-
A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances (CVE-2016-2086).
It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks by checking for CRLF characters, it is possible to compose response headers using Unicode characters that decompose to these characters, bypassing the checks previously in place (CVE-2016-2216).
- References
-
- https://advisories.mageia.org/MGASA-2016-0080.html
- https://bugs.mageia.org/show_bug.cgi?id=17779
- https://nodejs.org/en/blog/release/v0.10.42/
- https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
- https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:rpm/mageia/nodejs?distro=mageia-5