How severe is CVE-2022-35256?

CVE-2022-35256 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-35256

Name: node.js
Author: nodejs

6.5MEDIUM

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

公開日: 12/5/2022更新日: 4/24/2025

説明

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

AI分析AIによる分析

影響を受ける製品

nodejsnode.js

llhttpllhttp

siemenssinec_ins

1.0

siemenssinec_ins

1.0

siemenssinec_ins

1.0

debiandebian_linux

11.0

参照

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory