Last week, researchers discovered an HTTP request smuggling vulnerability in Node.js. This vulnerability affects all current and recent previous versions of Node.js, and is easy to exploit. This is only the latest in a series of CVEs discovered in the very popular Node.js in recent months.
The full list of CVEs addressed by the most recent release can be found here: https://nodejs.org/en/blog/release/v18.9.1/
What Is HTTP Request Smuggling?
HTTP request smuggling involves interfering with the way HTTP servers process HTTP requests. If a server is vulnerable to HTTP request smuggling, it will forward irregular HTTP requests to the back end.
Considered a critical vulnerability, HTTP request smuggling could allow an attacker to bypass security controls on the target server.
How to Address the Node.js Vulnerability
Updating node.js to the most recent version is the best course of action. New security releases are now available for 18.x, 16.x, and 14x release lines.
ThreatX Response to Node.js Vulnerability
The ThreatX SOC addressed this vulnerability by testing WAF functionality, and writing several rules to help monitor for this attack. The team is keeping a close eye on this space.
If you have questions or need more information, please contact us.