CVE-2021-22960
6.5MEDIUMThe parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Publicado: 11/3/2021Atualizado: 11/21/2024
Descrição
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Análise IADesenvolvido por IA
Produtos Afetados
llhttpllhttp
llhttpllhttp
oraclegraalvm
20.3.4
oraclegraalvm
21.3.0
debiandebian_linux
11.0
Referências
- https://hackerone.com/reports/1238099ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2022/dsa-5170Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory
- https://hackerone.com/reports/1238099ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2022/dsa-5170Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory