How severe is CVE-2022-35256?

CVE-2022-35256 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-35256

Name: node.js
Author: nodejs

6.5MEDIUM

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

Publicado: 12/5/2022Actualizado: 4/24/2025

Descripción

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

Análisis IAImpulsado por IA

Productos Afectados

nodejsnode.js

llhttpllhttp

siemenssinec_ins

1.0

siemenssinec_ins

1.0

siemenssinec_ins

1.0

debiandebian_linux

11.0

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory