VulnerableCode Package Details - pkg:deb/debian/http-parser@2.8.1-1%2Bdeb10u2

Search for packages

Package details: pkg:deb/debian/http-parser@2.8.1-1%2Bdeb10u2

Essentials
History (2)

purl	pkg:deb/debian/http-parser@2.8.1-1%2Bdeb10u2

Next non-vulnerable version	2.9.4-4+deb11u1
Latest non-vulnerable version	2.9.4-4+deb11u1
Risk	4.4

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-2a49-wha4-zyba Aliases: CVE-2019-15605	HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed	2.9.4-4+deb11u1 Affected by 0 other vulnerabilities.
VCID-89uf-r4wj-7feq Aliases: CVE-2020-8287	Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.	2.9.4-4+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T17:31:40.947948+00:00	Debian Oval Importer	Affected by	VCID-89uf-r4wj-7feq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:05:15.282905+00:00	Debian Oval Importer	Affected by	VCID-2a49-wha4-zyba	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0