How severe is CVE-2022-32214?

CVE-2022-32214 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-32214

Name: node.js
Author: nodejs

6.5MEDIUM

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

发布于: 7/14/2022更新于: 11/21/2024

描述

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

AI分析AI驱动

受影响产品

llhttpllhttp

nodejsnode.js

debiandebian_linux

11.0

stormshieldstormshield_management_center

参考资料

https://hackerone.com/reports/1524692
ExploitIssue TrackingThird Party Advisory
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
PatchVendor Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory
https://hackerone.com/reports/1524692
ExploitIssue TrackingThird Party Advisory
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
PatchVendor Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory