[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-30589":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":28,"duplicate_of":9,"upstream":32,"downstream":33,"duplicates":76,"related":77,"reserved_at":9,"published_at":96,"modified_at":97,"state":98,"summary":99,"references_raw":107,"kevs":201,"epss":202,"epss_history":205,"metrics":463,"affected":471},"CVE-2023-30589","The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).\r\n\r\nThe CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[19],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D4D1FF8CBBE940AB","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/2001873","unknown",0.2,false,[],[29,30,31],"GHSA-cggh-pq45-6h9x","BIT-node-2023-30589","BIT-node-min-2023-30589",[],[34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":35},"SUSE-SU-2023:2655-1",{"_key":37},"SUSE-SU-2023:2662-1",{"_key":39},"RHSA-2023:4330",{"_key":41},"RHSA-2023:4331",{"_key":43},"RHSA-2023:4536",{"_key":45},"RHSA-2023:4537",{"_key":47},"SUSE-SU-2023:2861-1",{"_key":49},"SUSE-SU-2023:3306-1",{"_key":51},"UBUNTU-CVE-2023-30589",{"_key":53},"SUSE-SU-2023:2663-1",{"_key":55},"SUSE-SU-2023:2669-1",{"_key":57},"SUSE-SU-2023:3408-1",{"_key":59},"SUSE-SU-2023:3455-1",{"_key":61},"OPENSUSE-SU-2024:13021-1",{"_key":63},"DLA-3886-1",{"_key":65},"DSA-5589-1",{"_key":67},"MGASA-2023-0226",{"_key":69},"DEBIAN-CVE-2023-30589",{"_key":71},"USN-6735-1",{"_key":73},"RHSA-2023:5361",{"_key":75},"RHSA-2023:5533",[],[78,79,80,81,82,83,84,85,86,87,88,90,92,94],{"_key":35},{"_key":37},{"_key":47},{"_key":49},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":67},{"_key":89},"CGA-22H6-36XC-F6JC",{"_key":91},"CGA-PVMR-F89H-P2HH",{"_key":93},"CGA-VXM5-G5PX-H6XX",{"_key":95},"CGA-QMJJ-5XGH-8M5X","2023-06-30T23:39:59.161Z","2025-11-04T16:10:09.729Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":100,"epss_score":101,"severity":102,"severity_score":103,"severity_version":104,"severity_source":105,"severity_vector":106,"severity_status":98},"low",0.01916,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[108,117,122,126,130,134,138,143,147,151,155,160,165,169,173,177,181,185,189,193,197],{"url":23,"sources":109,"tags":112},[110,105,111],"cve.org","osv_npm",[113,114,115,116],"Exploit","Issue Tracking","Third Party Advisory","WEB",{"url":118,"sources":119,"tags":120},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/",[110,105],[121],"Mailing List",{"url":123,"sources":124,"tags":125},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/",[110,105],[121],{"url":127,"sources":128,"tags":129},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/",[110,105],[121],{"url":131,"sources":132,"tags":133},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/",[110,105],[121],{"url":135,"sources":136,"tags":137},"https://security.netapp.com/advisory/ntap-20230803-0009/",[110,105],[115],{"url":139,"sources":140,"tags":141},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE/",[110,105],[142,115],"Patch",{"url":144,"sources":145,"tags":146},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/",[110,105],[142,115],{"url":148,"sources":149,"tags":150},"https://security.netapp.com/advisory/ntap-20240621-0006/",[110,105],[],{"url":152,"sources":153,"tags":154},"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html",[110,105,111],[116],{"url":156,"sources":157,"tags":158},"https://nvd.nist.gov/vuln/detail/CVE-2023-30589",[111],[159],"Advisory",{"url":161,"sources":162,"tags":163},"https://github.com/nodejs/llhttp",[111],[164],"PACKAGE",{"url":166,"sources":167,"tags":168},"https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1",[111],[116],{"url":170,"sources":171,"tags":172},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE",[111],[116],{"url":174,"sources":175,"tags":176},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF",[111],[116],{"url":178,"sources":179,"tags":180},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY",[111],[116],{"url":182,"sources":183,"tags":184},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE",[111],[116],{"url":186,"sources":187,"tags":188},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5",[111],[116],{"url":190,"sources":191,"tags":192},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76",[111],[116],{"url":194,"sources":195,"tags":196},"https://security.netapp.com/advisory/ntap-20230803-0009",[111],[116],{"url":198,"sources":199,"tags":200},"https://security.netapp.com/advisory/ntap-20240621-0006",[111],[116],[],{"date":203,"score":101,"percentile":204},"2026-06-04",0.83646,[206,209,212,215,218,221,223,226,229,232,235,238,241,244,246,250,253,256,259,263,266,269,272,275,277,280,283,286,290,293,296,298,301,304,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,362,365,368,371,374,377,380,383,385,388,391,393,396,398,401,403,405,407,410,413,416,419,422,424,426,429,431,434,437,440,443,446,449,451,454,457,460],{"date":207,"score":101,"percentile":208},"2025-11-04",0.82718,{"date":210,"score":101,"percentile":211},"2025-11-05",0.82722,{"date":213,"score":101,"percentile":214},"2025-11-06",0.82725,{"date":216,"score":101,"percentile":217},"2025-11-07",0.82736,{"date":219,"score":101,"percentile":220},"2025-11-08",0.82741,{"date":222,"score":101,"percentile":217},"2025-11-09",{"date":224,"score":101,"percentile":225},"2025-11-10",0.8273,{"date":227,"score":101,"percentile":228},"2025-11-11",0.82739,{"date":230,"score":101,"percentile":231},"2025-11-12",0.82748,{"date":233,"score":101,"percentile":234},"2025-11-13",0.82751,{"date":236,"score":101,"percentile":237},"2025-11-14",0.82755,{"date":239,"score":101,"percentile":240},"2025-11-15",0.82746,{"date":242,"score":101,"percentile":243},"2025-11-16",0.8275,{"date":245,"score":101,"percentile":231},"2025-11-17",{"date":247,"score":248,"percentile":249},"2025-11-18",0.09462,0.91991,{"date":251,"score":248,"percentile":252},"2025-11-19",0.91994,{"date":254,"score":248,"percentile":255},"2025-11-20",0.91998,{"date":257,"score":101,"percentile":258},"2025-11-21",0.8276,{"date":260,"score":261,"percentile":262},"2025-11-22",0.01767,0.82065,{"date":264,"score":261,"percentile":265},"2025-11-23",0.82059,{"date":267,"score":261,"percentile":268},"2025-11-24",0.82057,{"date":270,"score":261,"percentile":271},"2025-11-25",0.82052,{"date":273,"score":261,"percentile":274},"2025-11-26",0.82053,{"date":276,"score":261,"percentile":265},"2025-11-27",{"date":278,"score":261,"percentile":279},"2025-11-28",0.82048,{"date":281,"score":261,"percentile":282},"2025-11-29",0.82055,{"date":284,"score":261,"percentile":285},"2025-11-30",0.8206,{"date":287,"score":288,"percentile":289},"2025-12-01",0.01135,0.77855,{"date":291,"score":288,"percentile":292},"2025-12-02",0.77864,{"date":294,"score":288,"percentile":295},"2025-12-03",0.77848,{"date":297,"score":261,"percentile":268},"2025-12-04",{"date":299,"score":261,"percentile":300},"2025-12-05",0.82064,{"date":302,"score":261,"percentile":303},"2025-12-06",0.82061,{"date":305,"score":261,"percentile":265},"2025-12-07",{"date":307,"score":261,"percentile":308},"2025-12-08",0.82063,{"date":310,"score":261,"percentile":311},"2025-12-09",0.82081,{"date":313,"score":261,"percentile":314},"2025-12-10",0.82108,{"date":316,"score":261,"percentile":317},"2025-12-11",0.82125,{"date":319,"score":261,"percentile":320},"2025-12-12",0.82135,{"date":322,"score":261,"percentile":323},"2025-12-13",0.82136,{"date":325,"score":261,"percentile":326},"2025-12-14",0.82133,{"date":328,"score":261,"percentile":329},"2025-12-15",0.8213,{"date":331,"score":261,"percentile":332},"2025-12-16",0.82141,{"date":334,"score":261,"percentile":335},"2025-12-17",0.82148,{"date":337,"score":261,"percentile":338},"2025-12-18",0.82158,{"date":340,"score":261,"percentile":341},"2025-12-19",0.82165,{"date":343,"score":261,"percentile":344},"2025-12-20",0.82157,{"date":346,"score":261,"percentile":347},"2025-12-21",0.82155,{"date":349,"score":261,"percentile":350},"2025-12-22",0.82159,{"date":352,"score":261,"percentile":353},"2025-12-23",0.82162,{"date":355,"score":261,"percentile":356},"2025-12-24",0.82171,{"date":358,"score":261,"percentile":359},"2025-12-25",0.82186,{"date":361,"score":261,"percentile":359},"2025-12-26",{"date":363,"score":261,"percentile":364},"2025-12-27",0.82214,{"date":366,"score":261,"percentile":367},"2025-12-28",0.82172,{"date":369,"score":261,"percentile":370},"2025-12-29",0.82168,{"date":372,"score":261,"percentile":373},"2025-12-30",0.82174,{"date":375,"score":261,"percentile":376},"2025-12-31",0.82187,{"date":378,"score":288,"percentile":379},"2026-01-01",0.78015,{"date":381,"score":288,"percentile":382},"2026-01-02",0.78016,{"date":384,"score":288,"percentile":379},"2026-01-03",{"date":386,"score":261,"percentile":387},"2026-01-04",0.82164,{"date":389,"score":261,"percentile":390},"2026-01-05",0.8216,{"date":392,"score":261,"percentile":387},"2026-01-06",{"date":394,"score":261,"percentile":395},"2026-01-07",0.82167,{"date":397,"score":261,"percentile":373},"2026-01-08",{"date":399,"score":261,"percentile":400},"2026-01-09",0.82175,{"date":402,"score":261,"percentile":400},"2026-01-10",{"date":404,"score":261,"percentile":367},"2026-01-11",{"date":406,"score":261,"percentile":387},"2026-01-12",{"date":408,"score":261,"percentile":409},"2026-01-13",0.82161,{"date":411,"score":261,"percentile":412},"2026-01-14",0.82182,{"date":414,"score":261,"percentile":415},"2026-01-15",0.8218,{"date":417,"score":261,"percentile":418},"2026-01-16",0.8219,{"date":420,"score":261,"percentile":421},"2026-01-17",0.82192,{"date":423,"score":261,"percentile":418},"2026-01-18",{"date":425,"score":261,"percentile":359},"2026-01-19",{"date":427,"score":261,"percentile":428},"2026-01-20",0.82185,{"date":430,"score":261,"percentile":421},"2026-01-21",{"date":432,"score":261,"percentile":433},"2026-01-22",0.82199,{"date":435,"score":261,"percentile":436},"2026-01-23",0.82223,{"date":438,"score":261,"percentile":439},"2026-01-24",0.82229,{"date":441,"score":261,"percentile":442},"2026-01-25",0.8222,{"date":444,"score":261,"percentile":445},"2026-01-26",0.82217,{"date":447,"score":261,"percentile":448},"2026-01-27",0.82216,{"date":450,"score":261,"percentile":445},"2026-01-28",{"date":452,"score":261,"percentile":453},"2026-01-29",0.82218,{"date":455,"score":261,"percentile":456},"2026-01-30",0.82225,{"date":458,"score":261,"percentile":459},"2026-01-31",0.8223,{"date":461,"score":288,"percentile":462},"2026-02-01",0.78075,[464,469],{"source":105,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":465,"cvss_v4_0":9},{"baseScore":103,"baseSeverity":466,"vectorString":106,"impactScore":467,"exploitabilityScore":468},"HIGH",6,10,{"source":111,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":470,"cvss_v4_0":9},{"baseScore":103,"baseSeverity":9,"vectorString":106,"impactScore":467,"exploitabilityScore":468},[472,482,558,570],{"ecosystem":9,"name":473,"vendor":474,"product":473,"cpe_part":475,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"fedora","fedoraproject","o",[477,480],{"version":478,"is_range":26,"range_type":479,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37","cpe",{"version":481,"is_range":26,"range_type":479,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38",{"ecosystem":9,"name":483,"vendor":484,"product":483,"cpe_part":485,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"node","nodejs","a",[487,494,498,502,506,510,514,518,522,526,530,534,538,542,546,550,554],{"version":488,"is_range":489,"range_type":110,"version_start":490,"version_start_type":491,"version_end":492,"version_end_type":493,"fixed_in":9},">= 4.0, \u003C 4.*",true,"4.0","including","4.*","excluding",{"version":495,"is_range":489,"range_type":110,"version_start":496,"version_start_type":491,"version_end":497,"version_end_type":493,"fixed_in":9},">= 5.0, \u003C 5.*","5.0","5.*",{"version":499,"is_range":489,"range_type":110,"version_start":500,"version_start_type":491,"version_end":501,"version_end_type":493,"fixed_in":9},">= 6.0, \u003C 6.*","6.0","6.*",{"version":503,"is_range":489,"range_type":110,"version_start":504,"version_start_type":491,"version_end":505,"version_end_type":493,"fixed_in":9},">= 7.0, \u003C 7.*","7.0","7.*",{"version":507,"is_range":489,"range_type":110,"version_start":508,"version_start_type":491,"version_end":509,"version_end_type":493,"fixed_in":9},">= 8.0, \u003C 8.*","8.0","8.*",{"version":511,"is_range":489,"range_type":110,"version_start":512,"version_start_type":491,"version_end":513,"version_end_type":493,"fixed_in":9},">= 9.0, \u003C 9.*","9.0","9.*",{"version":515,"is_range":489,"range_type":110,"version_start":516,"version_start_type":491,"version_end":517,"version_end_type":493,"fixed_in":9},">= 10.0, \u003C 10.*","10.0","10.*",{"version":519,"is_range":489,"range_type":110,"version_start":520,"version_start_type":491,"version_end":521,"version_end_type":493,"fixed_in":9},">= 11.0, \u003C 11.*","11.0","11.*",{"version":523,"is_range":489,"range_type":110,"version_start":524,"version_start_type":491,"version_end":525,"version_end_type":493,"fixed_in":9},">= 12.0, \u003C 12.*","12.0","12.*",{"version":527,"is_range":489,"range_type":110,"version_start":528,"version_start_type":491,"version_end":529,"version_end_type":493,"fixed_in":9},">= 13.0, \u003C 13.*","13.0","13.*",{"version":531,"is_range":489,"range_type":110,"version_start":532,"version_start_type":491,"version_end":533,"version_end_type":493,"fixed_in":9},">= 14.0, \u003C 14.*","14.0","14.*",{"version":535,"is_range":489,"range_type":110,"version_start":536,"version_start_type":491,"version_end":537,"version_end_type":493,"fixed_in":9},">= 15.0, \u003C 15.*","15.0","15.*",{"version":539,"is_range":489,"range_type":110,"version_start":540,"version_start_type":491,"version_end":541,"version_end_type":493,"fixed_in":9},">= 16.0, \u003C 16.20.1","16.0","16.20.1",{"version":543,"is_range":489,"range_type":110,"version_start":544,"version_start_type":491,"version_end":545,"version_end_type":493,"fixed_in":9},">= 17.0, \u003C 17.*","17.0","17.*",{"version":547,"is_range":489,"range_type":110,"version_start":548,"version_start_type":491,"version_end":549,"version_end_type":493,"fixed_in":9},">= 18.0, \u003C 18.16.1","18.0","18.16.1",{"version":551,"is_range":489,"range_type":110,"version_start":552,"version_start_type":491,"version_end":553,"version_end_type":493,"fixed_in":9},">= 19.0, \u003C 19.*","19.0","19.*",{"version":555,"is_range":489,"range_type":110,"version_start":556,"version_start_type":491,"version_end":557,"version_end_type":493,"fixed_in":9},">= 20.0, \u003C 20.3.1","20.0","20.3.1",{"ecosystem":9,"name":559,"vendor":484,"product":559,"cpe_part":485,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":560},"node.js",[561,564,567],{"version":562,"is_range":489,"range_type":479,"version_start":563,"version_start_type":491,"version_end":541,"version_end_type":493,"fixed_in":9},"gte16.0.0_lt16.20.1","16.0.0",{"version":565,"is_range":489,"range_type":479,"version_start":566,"version_start_type":491,"version_end":549,"version_end_type":493,"fixed_in":9},"gte18.0.0_lt18.16.1","18.0.0",{"version":568,"is_range":489,"range_type":479,"version_start":569,"version_start_type":491,"version_end":557,"version_end_type":493,"fixed_in":9},"gte20.0.0_lt20.3.1","20.0.0",{"ecosystem":571,"name":572,"vendor":571,"product":572,"cpe_part":9,"purl_type":573,"purl_namespace":9,"purl_name":572,"source":9,"versions":574},"Npm","llhttp","npm",[575],{"version":576,"is_range":489,"range_type":577,"version_start":9,"version_start_type":9,"version_end":578,"version_end_type":493,"fixed_in":9},"lt8_1_1","semver","8.1.1"]