CNNVD-202507-2319 Information

CNNVD ID

CNNVD-202507-2319

Related CVE

CVE-2025-7339

• CNNVD Published: 2025-07-17

Description (Chinese)

on-headers是jshttp开源的一个应用软件。 on-headers 1.1.0版本存在安全漏洞，该漏洞源于传递数组到response.writeHead时可能无意修改响应头。

Description (English)

On-headers is an application for jshttp open source. There is a security loophole in version 1.1.0 on-headers, which stems from the fact that there may be no intention of modifying the response head when passing the array to reponse.writehead.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

jshttp

Published

2025-07-17

Last Modified

2026-02-24

References

https://cna.openjsf.org/security-advisories.html https://github.com/expressjs/morgan/issues/315 https://github.com/js https://www.oracle.com/security-alerts/cpuoct2025.html https://nvd.nist.gov/vuln/detail/CVE-2025-7339

Patch

https://github.com/jshttp/on-headers/releases