How severe is CVE-2022-35256?

CVE-2022-35256 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-35256

Name: node.js
Author: nodejs

6.5MEDIUM

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

发布于: 12/5/2022更新于: 4/24/2025

描述

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

AI分析AI驱动

受影响产品

nodejsnode.js

llhttpllhttp

siemenssinec_ins

1.0

siemenssinec_ins

1.0

siemenssinec_ins

1.0

debiandebian_linux

11.0

参考资料

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Third Party Advisory
https://hackerone.com/reports/1675191
ExploitIssue TrackingThird Party Advisory
https://www.debian.org/security/2023/dsa-5326
Third Party Advisory