CVE-2022-32214
6.5MEDIUMThe llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
게시됨: 7/14/2022업데이트됨: 11/21/2024
설명
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
AI 분석AI 기반
영향받는 제품
llhttpllhttp
llhttpllhttp
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
debiandebian_linux
11.0
stormshieldstormshield_management_center
참조
- https://hackerone.com/reports/1524692ExploitIssue TrackingThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/PatchVendor Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory
- https://hackerone.com/reports/1524692ExploitIssue TrackingThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/PatchVendor Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory