Node.js fixes multiple bugs that could lead to RCE, HTTP request smuggling


The developers of Node.js have made a number of updates to address flaws in the JavaScript runtime environment that might permit, among other things, arbitrary code execution and HTTP request smuggling.

These three flaws, which are identified as CVE-2022-32213 for wrong transfer-encoding parsing, CVE-2022-32214 for incorrect header field delimitation, and CVE-2022-32215 for incorrect multi-line transfer-encoding parsing, might all result in HTTP request smuggling. Read More…