CVE-2022-32214
6.5MEDIUMThe llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Publicado: 7/14/2022Atualizado: 11/21/2024
Descrição
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Análise IADesenvolvido por IA
Produtos Afetados
llhttpllhttp
llhttpllhttp
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
debiandebian_linux
11.0
stormshieldstormshield_management_center
Referências
- https://hackerone.com/reports/1524692ExploitIssue TrackingThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/PatchVendor Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory
- https://hackerone.com/reports/1524692ExploitIssue TrackingThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/PatchVendor Advisory
- https://www.debian.org/security/2023/dsa-5326Third Party Advisory