CVE-2016-2086

Priority
Description
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and
5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling
attacks via a crafted Content-Length HTTP header.
Package
Upstream:released (4.3.0~dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (8.10.0~dfsg-2)
Ubuntu 19.04 (Disco Dingo):not-affected (8.11.2~dfsg-1)
Ubuntu 19.10 (Eoan):not-affected (8.11.2~dfsg-1)
More Information

Updated: 2019-08-23 07:26:52 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)