Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2022-35256
Disclosure Date: December 05, 2022 (last updated October 08, 2023)
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
0
Attacker Value
Unknown
CVE-2022-32213
Disclosure Date: July 14, 2022 (last updated November 08, 2023)
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
0
Attacker Value
Unknown
CVE-2022-32215
Disclosure Date: July 14, 2022 (last updated November 08, 2023)
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
0
Attacker Value
Unknown
CVE-2022-32214
Disclosure Date: July 14, 2022 (last updated November 29, 2024)
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
0
Attacker Value
Unknown
CVE-2021-22959
Disclosure Date: November 15, 2021 (last updated October 07, 2023)
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
0
Attacker Value
Unknown
CVE-2021-22960
Disclosure Date: November 03, 2021 (last updated November 28, 2024)
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
0
