CVERadar

CVE-2024-27982

Severity: Medium
SVRS: 30/100
CVSSv3: 6.5/10
EPSS: 0.00075/1

CVE-2024-27982 is a critical vulnerability in the HTTP server of the latest Node.js version that allows HTTP request smuggling. It occurs because malformed headers, specifically a 'content-length' header preceded by a space, are not parsed correctly. An attacker can use this to embed a second, malicious request within the body of an initial, legitimate request. With an SVRS of 30 the flaw is not immediately critical, but it should be addressed as part of routine patching and vulnerability management. The vulnerability can lead to server compromise, data theft, and other severe attacks. Correctly configured and patched servers are not vulnerable, but default installations may require review.

In The Wild
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2024-05-07

2025-04-19

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-27982 | Node.js up to 18.20.0/20.12.0/21.7.2 Header Content-Length request smuggling (Nessus ID 211049)
vuldb.com, 2025-03-29
A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.0/20.12.0/21.7.2. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Content-Length leads to http request smuggling. This vulnerability is handled as https://vuldb.com/?source_cve.263378

Siemens SINEC INS
CISA (cisa.gov), 2024-11-14
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

CVE-2024-27982 | Node.js up to 18.20.0/20.12.0/21.7.2 Header Content-Length request smuggling
vuldb.com, 2024-05-07
A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.0/20.12.0/21.7.2. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Content-Length leads to http request smuggling. This vulnerability is handled as CVE-2024

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://hackerone.com/reports/2237099
AF854A3A-2127-422B-91AE-364DA2661108 | https://hackerone.com/reports/2237099
AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20250418-0001/

CWE Details

CWE ID | CWE Name | Description
CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it.
