CVE-2016-5325

Priority
Description
CRLF injection vulnerability in the ServerResponse#writeHead function in
Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and
6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers
and conduct HTTP response splitting attacks via the reason argument.
Assigned-to
mikesalvatore
Notes
Package
Upstream: released (4.6.0~dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): released (0.10.25~dfsg2-2ubuntu1.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (4.2.6~dfsg-1ubuntu4.2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (8.10.0~dfsg-2)
More Information

Updated: 2020-01-13 15:24:09 UTC (commit 90723a0b01ce5e298eabd267cf209f34bbcc083d)