JavaScript News

HTTP Server Security Vulnerability: Please upgrade to 0.6.17

May 7th, 2012

tl;dr A carefully crafted attack request can cause the contents of the HTTP parser’s buffer to be appended to the attacking request’s header, making it appear to come from the attacker. Since it is generally safe to echo back contents of a request, this can allow an attacker to get an otherwise correctly designed server…