Search for vulnerabilities
Vulnerability details: VCID-qnpk-1b3c-aaah
Vulnerability ID VCID-qnpk-1b3c-aaah
Aliases CVE-2024-27982
Summary The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-27982
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2852
archlinux High https://security.archlinux.org/AVG-2853
archlinux High https://security.archlinux.org/AVG-2854
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2237099
https://security.netapp.com/advisory/ntap-20250418-0001/
1068347 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347
2275392 https://bugzilla.redhat.com/show_bug.cgi?id=2275392
AVG-2852 https://security.archlinux.org/AVG-2852
AVG-2853 https://security.archlinux.org/AVG-2853
AVG-2854 https://security.archlinux.org/AVG-2854
CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982
GLSA-202505-11 https://security.gentoo.org/glsa/202505-11
RHSA-2024:2778 https://access.redhat.com/errata/RHSA-2024:2778
RHSA-2024:2779 https://access.redhat.com/errata/RHSA-2024:2779
RHSA-2024:2780 https://access.redhat.com/errata/RHSA-2024:2780
RHSA-2024:2853 https://access.redhat.com/errata/RHSA-2024:2853
RHSA-2024:2910 https://access.redhat.com/errata/RHSA-2024:2910
RHSA-2024:3545 https://access.redhat.com/errata/RHSA-2024:3545
RHSA-2024:4559 https://access.redhat.com/errata/RHSA-2024:4559
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.09902
EPSS Score 0.00043
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:52:14.892878+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/community.json 34.0.0rc4