Strix
26.1K

CVE-2024-27982

UnknownEPSS 1.16%

Last modified

CVE-2024-27982 is a vulnerability of currently unknown severity. The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.. EPSS estimates a 1.16% chance of exploitation in the next 30 days.

Description

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Metrics

EPSS Probability
1.16%

63.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2024-27982?
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
How severe is CVE-2024-27982?
Severity scoring for CVE-2024-27982 is pending analysis. The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.
How do I fix CVE-2024-27982?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-27982?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST