Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
{ "binaries": [ { "binary_name": "nodejs", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-dev", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" }, { "binary_name": "nodejs-legacy", "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libnode-dev", "binary_version": "10.19.0~dfsg-3ubuntu1.1" }, { "binary_name": "libnode64", "binary_version": "10.19.0~dfsg-3ubuntu1.1" }, { "binary_name": "nodejs", "binary_version": "10.19.0~dfsg-3ubuntu1.1" } ], "availability": "No subscription required" }