Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The…
hackerone·CWE-444·Published 2020-09-18
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
Node.js versiones anteriores a 12.18.4 y versiones anteriores a 14.11, pueden ser explotado para llevar a cabo ataques de desincronización HTTP y entregar cargas útiles maliciosas a usuarios desprevenidos. Las cargas útiles pueden ser diseñadas por un atacante para secuestrar sesiones de usuario, envenenar cookies, llevar a cabo secuestro del click y una multitud de otros ataques dependiendo de la arquitectura del sistema subyacente. El ataque fue posible debido a un error en el procesamiento de los símbolos carrier-return en los nombres de encabezado HTTP
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| 3.1 | Primary | NVD | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |