HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "nodejs", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-dbg", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-dbgsym", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-dev", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-dev-dbgsym", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-legacy", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "nodejs", "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm2" }, { "binary_name": "nodejs-dbgsym", "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm2" }, { "binary_name": "nodejs-dev", "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm2" }, { "binary_name": "nodejs-doc", "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libnode-dev", "binary_version": "10.19.0~dfsg-3ubuntu1" }, { "binary_name": "libnode64", "binary_version": "10.19.0~dfsg-3ubuntu1" }, { "binary_name": "libnode64-dbgsym", "binary_version": "10.19.0~dfsg-3ubuntu1" }, { "binary_name": "nodejs", "binary_version": "10.19.0~dfsg-3ubuntu1" }, { "binary_name": "nodejs-dbgsym", "binary_version": "10.19.0~dfsg-3ubuntu1" }, { "binary_name": "nodejs-doc", "binary_version": "10.19.0~dfsg-3ubuntu1" } ] }