The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
History
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
References | | |
19 Jul 2023, 00:56
Type | Values Removed | Values Added |
---|---|---|
First Time | Stormshield stormshield Management Center Stormshield | |
CPE | cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* |
23 Feb 2023, 16:32
Type | Values Removed | Values Added |
---|---|---|
First Time | Fedoraproject Debian Siemens sinec Ins Fedoraproject fedora Debian debian Linux Siemens | |
CPE | cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:* | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf - Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5326 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/ - Mailing List, Third Party Advisory |
26 Jan 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | |
10 Jan 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References | |
29 Nov 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | |
23 Nov 2022, 14:43
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 6.5 |
07 Oct 2022, 16:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/1524555 - Exploit, Third Party Advisory |
30 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | |
References | | |
16 Sep 2022, 19:51
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0001/ - Third Party Advisory |
15 Sep 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | |
27 Jul 2022, 15:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
21 Jul 2022, 15:14
Type | Values Removed | Values Added |
---|---|---|
First Time | Nodejs Llhttp Llhttp llhttp Nodejs node.js | |
CVSS | v2 : v3 : | v2 : unknown v3 : 9.1 |
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:* | |
References | (MISC) https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ - Patch, Vendor Advisory | |
CWE | CWE-444 |
14 Jul 2022, 15:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-14 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-32213
Mitre link : CVE-2022-32213
CVE.ORG link : CVE-2022-32213
Products Affected
debian
- debian_linux
siemens
- sinec_ins
nodejs
- node.js
stormshield
- stormshield_management_center
llhttp
- llhttp
fedoraproject
- fedora
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')