CVE-2022-32214
6.5MEDIUMThe llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Published: 7/14/2022Updated: 11/21/2024
Description
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
AI AnalysisPowered by AI
Affected Products
llhttpllhttp
llhttpllhttp
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
debiandebian_linux
11.0
stormshieldstormshield_management_center
References
- https://hackerone.com/reports/1524692ExploitIssue TrackingThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/PatchVendor Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory
- https://hackerone.com/reports/1524692ExploitIssue TrackingThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/PatchVendor Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory