File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -280,11 +280,9 @@ the community they pose.
280280
281281* Node.js treats data from remote network peers as untrusted, and bugs in
282282 parsers or protocol implementations may be security vulnerabilities.
283- * Node.js may close HTTP/1.1 keep-alive connections when data is detected while
284- no request is outstanding, as described by RFC 9112 section 9.2. Reports that
285- rely solely on a malicious or compromised server racing unsolicited or
286- misordered responses within the same HTTP/1.1 connection reuse lifecycle are
287- generally not considered Node.js vulnerabilities.
283+ * Node.js treats data order from HTTP/1.1 keep-alive connections as trusted, meaning that a Node.js
284+ client consuming unsolicited or misordered responses within the same HTTP/1.1 connection
285+ reuse lifecycle are generally not considered Node.js vulnerabilities.
288286
289287#### Malicious Third-Party Modules (CWE-1357)
290288
You can’t perform that action at this time.
0 commit comments