CVE-2016-5325
MEDIUM 6.1; EPSS 0.98%; Published: 2016/10/10; Modified: 2026/4/28
Also known as: DEBIAN-CVE-2016-5325
Description
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
Affected packages (1)
- Debian/nodejs: from 0, < 4.6.0~dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |