CVE-2022-32214
CVSS v3.1
6.5 (Medium)
EPSS
0.22 % (61th)
Affected Products
4
Advisories
27
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Weaknesses
- CWE-444
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
- CVE Status
- PUBLISHED
- CNA
- HackerOne
- Published Date
-
2022-07-14 15:15:08
(2 years ago) - Updated Date
-
2023-07-19 00:55:52
(14 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...