CVE-2022-32215
6.5 MEDIUM
Published: 7/14/2022
Updated: 11/21/2024
Description
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Affected Products
- llhttp: llhttp
- nodejs: node.js
- fedoraproject: fedora 35
- fedoraproject: fedora 36
- fedoraproject: fedora 37
- siemens: sinec_ins 1.0
- debian: debian_linux 11.0
- stormshield: stormshield_management_center
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf (Patch, Third Party Advisory)
- https://hackerone.com/reports/1501679 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ (Patch, Vendor Advisory)
- https://www.debian.org/security/2023/dsa-5326 (Third Party Advisory)