漏洞描述
Node.js中存在一个HTTP请求走私漏洞。该漏洞是由于对Transfer-Encoding的输入验证不当导致的。
Node.js llhttp 模块多个 Transfer-Encoding 字段请求走私漏洞
PoC代码
暂无相关漏洞推荐
-
CVE-2014-3744: Node.js st module Directory Traversal POC
2025-08-01 | Node.jsA directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attacker... -
CVE-2017-14849: Node.js <8.6.0 - Directory Traversal POC
2025-08-01 | Node.jsNode.js before 8.6.0 allows remote attackers to access unintended files because a change to "..... -
CVE-2021-21315: Node.JS System Information Library <5.3.1 - Remote Command Injection POC
2025-08-01 | Node.js System Information LibraryNode.JS System Information Library System before version 5.3.1 is susceptible to remote command inje... -
SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC
2025-09-22 00:22:31 | SourceCodester Pet Grooming Management SoftwareSourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo... -
D-Link DIR-645 命令注入漏洞 无POC
2025-09-22 00:22:31 | D-Link DIR-645D-Link DIR-645是中国友讯(D-Link)公司的一款无线路由器。 D-Link DIR-645 105B01版本存在命令注入漏洞,该漏洞源于对文件/soap.cgi中参数service的错...