CVE-2020-7764

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in npm/find-my-way

Identifiers

CVE-2020-7764

Package Slug

npm/find-my-way

Vulnerability

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

Description

This affects the package find-my-way, from It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

Affected Versions

All versions before 2.2.5, all versions starting from 3.0.0 before 3.0.5

Solution

Upgrade to versions 2.2.5, 3.0.5 or above.

Last Modified

2020-11-17

source