Filtered by vendor Llhttp Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22959 4 Debian, Llhttp, Oracle and 1 more 7 Debian Linux, Llhttp, Graalvm and 4 more 2024-08-03 6.5 Medium
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
CVE-2021-22960 4 Debian, Llhttp, Oracle and 1 more 7 Debian Linux, Llhttp, Graalvm and 4 more 2024-08-03 6.5 Medium
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
CVE-2022-35256 5 Debian, Llhttp, Nodejs and 2 more 7 Debian Linux, Llhttp, Node.js and 4 more 2024-08-03 6.5 Medium
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
CVE-2022-32215 7 Debian, Fedoraproject, Llhttp and 4 more 9 Debian Linux, Fedora, Llhttp and 6 more 2024-08-03 6.5 Medium
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
CVE-2022-32213 7 Debian, Fedoraproject, Llhttp and 4 more 9 Debian Linux, Fedora, Llhttp and 6 more 2024-08-03 6.5 Medium
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVE-2022-32214 5 Debian, Llhttp, Nodejs and 2 more 7 Debian Linux, Llhttp, Node.js and 4 more 2024-08-03 6.5 Medium
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).