Vulnerabilities (CVE)

Filtered by vendor Llhttp
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35256 4 Debian, Llhttp, Nodejs and 1 more 4 Debian Linux, Llhttp, Node.js and 1 more 2023-03-01 N/A 6.5 MEDIUM
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.
CVE-2022-32214 3 Debian, Llhttp, Nodejs 3 Debian Linux, Llhttp, Node.js 2023-02-23 N/A 6.5 MEDIUM
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
CVE-2022-32213 5 Debian, Fedoraproject, Llhttp and 2 more 5 Debian Linux, Fedora, Llhttp and 2 more 2023-02-23 N/A 6.5 MEDIUM
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVE-2022-32215 5 Debian, Fedoraproject, Llhttp and 2 more 5 Debian Linux, Fedora, Llhttp and 2 more 2023-02-23 N/A 6.5 MEDIUM
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
CVE-2021-22960 3 Debian, Llhttp, Oracle 3 Debian Linux, Llhttp, Graalvm 2023-01-19 5.8 MEDIUM 6.5 MEDIUM
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
CVE-2021-22959 3 Debian, Llhttp, Oracle 3 Debian Linux, Llhttp, Graalvm 2022-12-09 6.4 MEDIUM 6.5 MEDIUM
The parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.