Vulnerabilities

CVE-2016-2216

by Fred · 07/04/2016

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

Date published : 2016-04-07

http://www.securityfocus.com/bid/83141

https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/

Similar

Tags: Cybersecurity Alert