Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2021-22959

🗓️ 15 Nov 2021 15:06:15Reported by hackeroneType 
cve
 cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 205 Views

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Detection
Affected
Refs
Social
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerability in Node.js affects IBM Event Streams (CVE-2021-22959)
4 Jan 202213:01
ibm
IBM Security Bulletins		Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Services
21 Oct 202217:00
ibm
IBM Security Bulletins		Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to HTTP request smuggling due to CVE-2021-22959
31 Mar 202214:10
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
17 Dec 202104:21
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2021-22959 and CVE-2021-22960)
13 Jan 202215:45
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Node.js affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-22960, CVE-2021-22959
26 Jan 202208:18
ibm
IBM Security Bulletins		Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js
2 Mar 202215:24
ibm
IBM Security Bulletins		Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-22959, CVE-2021-22960)
22 Apr 202220:24
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Node.js affecting IBM Event Streams (CVE-2021-22960 and CVE-2021-22959)
21 Dec 202117:46
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in Node.js- CVE-2021-22959, CVE-2021-22960 may affect IBM Watson Assistant for IBM Cloud Pak for Data.
25 Feb 202220:34
ibm
Rows per page
Nvd
Vulners
Node
llhttpllhttpRange<2.1.4node.js
OR
llhttpllhttpRange3.0.06.0.6node.js
Node
oraclegraalvmMatch20.3.4enterprise
OR
oraclegraalvmMatch21.3.0enterprise
Node
debiandebian_linuxMatch11.0
[
  {
    "product": "https://github.com/nodejs/llhttp",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in llhttp v2.1.4 and v6.0.6"
      }
    ]
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Nov 2021 15:15Current
7.1High risk
Vulners AI Score7.1
CVSS26.4
CVSS36.5
EPSS0.00206
CWE-444
cve-2021-22959parserhttp request smugglingllhttpnvdsecurityvulnerability
205
.json
Report