What the vulnerability does

01Description

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Key dates

02Disclosure timeline

February 7, 2020 CVE published
April 30, 2025 Record updated

Related vulnerabilities

04Related CVE