How severe is CVE-2021-22960?

CVE-2021-22960 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2021-22960

6.5MEDIUM

The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

게시됨: 11/3/2021업데이트됨: 11/21/2024

설명

The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

AI 분석AI 기반

영향받는 제품

llhttpllhttp

oraclegraalvm

20.3.4

oraclegraalvm

21.3.0

debiandebian_linux

11.0

참조

https://hackerone.com/reports/1238099
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2022/dsa-5170
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
PatchThird Party Advisory
https://hackerone.com/reports/1238099
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2022/dsa-5170
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
PatchThird Party Advisory