Important Update Node.js to 18.20.1, 20.12.1, 21.7.2 or newer

{
  "by": "dorianniemiec",
  "descendants": 0,
  "id": 40232990,
  "kids": [
    40233125
  ],
  "score": 5,
  "time": 1714627727,
  "title": "Important Update Node.js to 18.20.1, 20.12.1, 21.7.2 or newer",
  "type": "story",
  "url": "https://blog.svrjs.org/2024/04/03/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer/"
}

{
  "author": null,
  "date": null,
  "description": null,
  "image": "https://cdn.sanity.io/images/ihdlodfv/production/8599aaf874cdc2b1857cb0b59fe996abebcc0b33-1920x1080.png",
  "logo": null,
  "publisher": "SVR.JS",
  "title": "IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer! - SVR.JS",
  "url": "https://svrjs.org/blog/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer"
}

{
  "url": "https://svrjs.org/blog/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer",
  "title": "IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer! - SVR.JS",
  "description": "Published on: April 3, 2024IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!Older versions of Node.JS had a CVE-2024-27982 vulnerability, which involves placing a space before Content-Length...",
  "links": [
    "https://svrjs.org/blog/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer",
    "https://blog.svrjs.org/2024/04/03/IMPORTANT-Update-Node-JS-to-18-20-1-20-12-1-21-7-2-or-newer/"
  ],
  "image": "https://cdn.sanity.io/images/ihdlodfv/production/8599aaf874cdc2b1857cb0b59fe996abebcc0b33-1920x1080.png",
  "content": "<div><p><img alt=\"IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!\" srcset=\"https://svrjs.org/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fihdlodfv%2Fproduction%2F8599aaf874cdc2b1857cb0b59fe996abebcc0b33-1920x1080.png&amp;w=1200&amp;q=75 1x, https://svrjs.org/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fihdlodfv%2Fproduction%2F8599aaf874cdc2b1857cb0b59fe996abebcc0b33-1920x1080.png&amp;w=3840&amp;q=75 2x\" src=\"https://svrjs.org/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fihdlodfv%2Fproduction%2F8599aaf874cdc2b1857cb0b59fe996abebcc0b33-1920x1080.png&amp;w=3840&amp;q=75\" /></p><p>Published on: April 3, 2024</p></div><article><p><strong>IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!</strong></p><p>Older versions of Node.JS had a <a target=\"_blank\" href=\"https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/#http-request-smuggling-via-content-length-obfuscation---cve-2024-27982---medium\">CVE-2024-27982 vulnerability</a>, which involves placing a space before <em>Content-Length</em> header, enabling attackers to smuggle in a second request.</p><p>The original vulnerability description:</p><p><em>The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.</em></p><p>Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.</p></article>",
  "author": "@SVR_JS",
  "favicon": "https://svrjs.org/favicon.ico",
  "source": "svrjs.org",
  "published": "",
  "ttr": 23,
  "type": "website"
}