How severe is CVE-2022-35256?

CVE-2022-35256 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-35256

Name: node.js
Author: nodejs

6.5MEDIUM

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

Опубликовано: 12/5/2022Обновлено: 4/24/2025

Описание

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

ИИ-АнализНа базе ИИ

Затронутые продукты

nodejsnode.js

llhttpllhttp

siemenssinec_ins

1.0

siemenssinec_ins

1.0

siemenssinec_ins

1.0

debiandebian_linux

11.0

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory