CVE-2022-35256
6.5MEDIUMThe llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
게시됨: 12/5/2022업데이트됨: 4/24/2025
설명
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
AI 분석AI 기반
영향받는 제품
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
llhttpllhttp
siemenssinec_ins
siemenssinec_ins
1.0
siemenssinec_ins
1.0
siemenssinec_ins
1.0
debiandebian_linux
11.0
참조
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfThird Party Advisory
- https://hackerone.com/reports/1675191ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfThird Party Advisory
- https://hackerone.com/reports/1675191ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory