CVE-2022-35256
6.5MEDIUMThe llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Veröffentlicht: 12/5/2022Aktualisiert: 4/24/2025
Beschreibung
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
KI-AnalyseKI-gestützt
Betroffene Produkte
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
llhttpllhttp
siemenssinec_ins
siemenssinec_ins
1.0
siemenssinec_ins
1.0
siemenssinec_ins
1.0
debiandebian_linux
11.0
Referenzen
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfThird Party Advisory
- https://hackerone.com/reports/1675191ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfThird Party Advisory
- https://hackerone.com/reports/1675191ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory