Skip to content

Commit

Permalink
doc: fixup security release announcement
Browse files Browse the repository at this point in the history 
- Fixup date show is show in news properly
- Add severity of second vulnerability

Signed-off-by: Michael Dawson <mdawson@devrus.com>
  • Loading branch information
@mhdawson @nschonni
mhdawson authored and nschonni committed Jan 5, 2021
1 parent 56862b6 commit d39b1db
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions locale/en/blog/vulnerability/january-2021-security-releases.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
date: 2020-01-04T19:00:00.000Z
date: 2021-01-04T19:30:00.000Z
category: vulnerability
title: January 2021 Security Releases
slug: january-2021-security-releases
Expand All @@ -26,7 +26,7 @@ Impacts:

Thank you to Felix Wilhelm from Google Project Zero for reporting this vulnerability.

### HTTP Request Smuggling in nodejs (CVE-2020-8287)
### HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287)

Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).

Expand Down

0 comments on commit d39b1db

Please sign in to comment.