VYPR
High severity7.5NVD Advisory· Published Apr 7, 2016· Updated Jun 17, 2026

CVE-2016-2216

CVE-2016-2216

Description

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

99

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.