CVE-2022-32215

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*
cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*
cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Information

Published : 2022-07-14 08:15

Updated : 2023-02-23 08:31


NVD link : CVE-2022-32215

Mitre link : CVE-2022-32215


JSON object : View

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Advertisement

dedicated server usa

Products Affected

nodejs

  • node.js

fedoraproject

  • fedora

siemens

  • sinec_ins

llhttp

  • llhttp

debian

  • debian_linux