Endpoint Vulnerability

CVE-2019-15605nodejs: HTTP request smuggling using malformed Transfer-Encoding header

Description

A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections.

Affected Products

nodejs

References

CVE-2019-15605,