Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity
f8b9831338
node/deps
History
Matteo Collina 051154e0e6
http: unset F_CHUNKED on new Transfer-Encoding 
Duplicate `Transfer-Encoding` header should be a treated as a single,
but with original header values concatenated with a comma separator. In
the light of this, even if the past `Transfer-Encoding` ended with
`chunked`, we should be not let the `F_CHUNKED` to leak into the next
header, because mere presence of another header indicates that `chunked`
is not the last transfer-encoding token.

CVE-ID: CVE-2020-8287
Refs: https://github.com/nodejs-private/llhttp-private/pull/3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: https://github.com/nodejs-private/node-private/pull/228
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2021-01-04 16:56:30 +00:00
..
acorn deps: update acorn to v8.0.4 2020-10-27 03:26:56 +00:00
acorn-plugins deps: update acorn to v8.0.4 2020-10-27 03:26:56 +00:00
brotli
cares deps: update to c-ares 1.17.1 2020-12-16 05:48:29 -08:00
cjs-module-lexer deps: upgrade to cjs-module-lexer@1.0.0 2020-11-02 10:24:04 -08:00
histogram
icu-small deps: update ICU to 68.1 2020-11-22 20:58:08 +00:00
llhttp http: unset F_CHUNKED on new Transfer-Encoding 2021-01-04 16:56:30 +00:00
nghttp2
nghttp3
ngtcp2
node-inspect
npm deps: upgrade npm to 7.3.0 2020-12-21 14:29:20 +01:00
openssl deps: update archs files for OpenSSL-1.1.1i 2020-12-16 21:49:42 -05:00
uv
uvwasi
v8 deps: V8: cherry-pick dfcdf7837e23 2020-12-24 18:06:58 +00:00
zlib build: fix zlib inlining for IA-32 2020-11-09 12:35:42 -08:00