packages.altlinux.org
194.107.17.249  Public Scan

Submitted URL: http://packages.altlinux.org/en/vuln/CVE-2023-30589
Effective URL: https://packages.altlinux.org/en/vuln/CVE-2023-30589
Submission: On October 02 via manual from GB — Scanned from GB

VULNERABILITY CVE-2023-30589: INFORMATION


DESCRIPTION

The llhttp parser in the http module in Node v20.2.0 does not strictly use the
CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling
(HRS). The CR character (without LF) is sufficient to delimit HTTP header fields
in the llhttp parser. According to RFC 7230 section 3, only the CRLF sequence
should delimit each header-field. This impacts all Node.js active versions: v16,
v18, and v20.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-30589
Published: July 1, 2023
Modified: Aug. 17, 2023


REFERENCES TO ADVISORIES, SOLUTIONS, AND TOOLS

Hyperlink (resource type)

 * https://hackerone.com/reports/2001873 (Exploit, Issue Tracking, Third Party Advisory)
 * https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/ (Mailing List)
 * https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/ (Mailing List)
 * https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/ (Mailing List)
 * https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/ (Mailing List)
 * https://security.netapp.com/advisory/ntap-20230803-0009/
 * https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE/
 * https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/



KNOWN AFFECTED SOFTWARE CONFIGURATIONS


CONFIGURATION 1

 * cpe:2.3:a:nodejs:node.js:16.0.0:*:*:*:-:*:*:*
 * cpe:2.3:a:nodejs:node.js:20.0.0:*:*:*:-:*:*:*
 * cpe:2.3:a:nodejs:node.js:18.0.0:*:*:*:-:*:*:*
 * cpe:2.3:a:nodejs:node.js:20.2.0:*:*:*:-:*:*:*


CONFIGURATION 2

 * cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
 * cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
