How severe is CVE-2021-22960?

CVE-2021-22960 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2021-22960

6.5MEDIUM

The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

公開日: 11/3/2021更新日: 11/21/2024

説明

The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

AI分析AIによる分析

影響を受ける製品

llhttpllhttp

oraclegraalvm

20.3.4

oraclegraalvm

21.3.0

debiandebian_linux

11.0

参照

https://hackerone.com/reports/1238099
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2022/dsa-5170
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
PatchThird Party Advisory
https://hackerone.com/reports/1238099
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2022/dsa-5170
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
PatchThird Party Advisory