CVE-2016-5325
MEDIUM6.1EPSS 0.98%Published: 10/10/2016Modified: 4/28/2026
Also known as:DEBIAN-CVE-2016-5325
Description
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
Affected packages (1)
- Debian/nodejsfrom 0, < 4.6.0~dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |