NOMISEC-progfay/nodejs-http-transfer-encoding-smuggling-poc

NOMISEC WORKING POC
Exploit for CVE-2020-8287 - Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF
AI Analysis

This repository contains a functional proof-of-concept for CVE-2020-8287, demonstrating HTTP request smuggling in Node.js via malformed Transfer-Encoding headers. The exploit leverages duplicate headers to bypass parsing logic, allowing an attacker to smuggle requests.

Attack Type: other
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1189 - Drive-by Compromise
Source
Platform: Nomisec
Type: poc
Files: 8
Stars: 2
Forks: 0
Last Push: Jan 06, 2021
Authors: progfay
Vulnerability: CVE-2020-8287
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF
MEDIUM, CVSS 6.5