CVE-2020-7764
npm/find-my-way
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
This affects the package find-my-way, from It accepts the Accept-Version
header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version
can be used as an unkeyed header in a cache poisoning attack.
All versions before 2.2.5, all versions starting from 3.0.0 before 3.0.5
Upgrade to versions 2.2.5, 3.0.5 or above.
2020-11-17
source |