From a595c406a9ca911ceaa43767e39eb9079aacf8b4 Mon Sep 17 00:00:00 2001
From: Marco Ippolito <marcoippolito54@gmail.com>
Date: Wed, 3 Apr 2024 17:10:32 +0100
Subject: [PATCH] vuln: add vulnerabilities from april security release (#1272)

---
 vuln/core/139.json | 12 ++++++++++++
 vuln/core/140.json | 12 ++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 vuln/core/139.json
 create mode 100644 vuln/core/140.json

diff --git a/vuln/core/139.json b/vuln/core/139.json
new file mode 100644
index 00000000..1d1525b0
--- /dev/null
+++ b/vuln/core/139.json
@@ -0,0 +1,12 @@
+{
+    "cve": [
+        "CVE-2024-27983"
+    ],
+    "vulnerable": "18.x || 20.x || 21.x",
+    "patched": "^18.20.1 || ^20.12.1 || ^21.7.2",
+    "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/",
+    "overview": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.",
+    "affectedEnvironments": [
+        "all"
+    ]
+}
\ No newline at end of file
diff --git a/vuln/core/140.json b/vuln/core/140.json
new file mode 100644
index 00000000..ab6b9eb2
--- /dev/null
+++ b/vuln/core/140.json
@@ -0,0 +1,12 @@
+{
+    "cve": [
+        "CVE-2024-27982"
+    ],
+    "vulnerable": "18.x || 20.x || 21.x",
+    "patched": "^18.20.1 || ^20.12.1 || ^21.7.2",
+    "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/",
+    "overview": "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
+    "affectedEnvironments": [
+        "all"
+    ]
+}
\ No newline at end of file