Search for packages
| purl | pkg:alpm/archlinux/nodejs-lts-hydrogen@18.18.2-2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2sh1-yqq9-aaah
Aliases: CVE-2024-27983 |
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. |
Affected by 0 other vulnerabilities. |
|
VCID-qnpk-1b3c-aaah
Aliases: CVE-2024-27982 |
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-18T02:00:05.126961+00:00 | Arch Linux Importer | Affected by | VCID-qnpk-1b3c-aaah | https://security.archlinux.org/AVG-2854 | 34.0.1 |
| 2024-09-18T02:00:05.105385+00:00 | Arch Linux Importer | Affected by | VCID-2sh1-yqq9-aaah | https://security.archlinux.org/AVG-2854 | 34.0.1 |
| 2024-04-23T19:47:30.557002+00:00 | Arch Linux Importer | Affected by | VCID-qnpk-1b3c-aaah | https://security.archlinux.org/AVG-2854 | 34.0.0rc4 |
| 2024-04-23T19:47:30.536347+00:00 | Arch Linux Importer | Affected by | VCID-2sh1-yqq9-aaah | https://security.archlinux.org/AVG-2854 | 34.0.0rc4 |