CVE-2022-35256
CVSS v3.1
6.5 (Medium)
EPSS
0.26 % (66th)
Affected Products
4
Advisories
37
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Weaknesses
- CWE-444
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
- CVE Status
- PUBLISHED
- CNA
- HackerOne
- Published Date
-
2022-12-05 22:15:10
(21 months ago) - Updated Date
-
2023-05-12 13:30:33
(16 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...