mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 16:47:53 +02:00
0xMarcio
2.1 KiB
2.1 KiB
CVE-2020-8287
&color=brightgreen)
Description
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
POC
Reference
Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Live-Hack-CVE/CVE-2020-8287
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/progfay/nodejs-http-transfer-encoding-smuggling-poc
- https://github.com/soosmile/POC