Lucene search
HackeroneCVELIST:CVE-2021-22960HistoryNov 03, 2021 - 7:22 p.m.
CVE-2021-22960
2021-11-0319:22:42
CWE-444
hackerone
www.cve.org
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
CNA Affected
[
{
"product": "https://github.com/nodejs/llhttp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v2.1.4 and v6.0.6"
}
]
}
]Related
alpinelinux
alpinelinux
CVE-2021-22960
2021-11-03 20:15:08
nvd
nvd
CVE-2021-22960
2021-11-03 20:15:08
osv
osv
CVE-2021-22960
2021-11-03 20:15:08
nodejs - security update
2022-06-27 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
veracode
veracode
HTTP Request Smuggling
2021-10-13 17:27:33
ubuntucve
ubuntucve
CVE-2021-22960
2021-11-03 00:00:00
prion
prion
Design/Logic Flaw
2021-11-03 20:15:00
ibm
ibm
debiancve
debiancve
CVE-2021-22960
2021-11-03 20:15:08
cve
cve
CVE-2021-22960
2021-11-03 20:15:08
redhatcve
redhatcve
CVE-2021-22960
2021-10-14 12:15:38
hackerone
hackerone
Node.js: HTTP Request Smuggling due to ignoring chunk extensions
2021-06-19 08:43:05
fedora
fedora
[SECURITY] Fedora 35 Update: nodejs-16.11.1-1.fc35
2021-10-29 23:27:03
[SECURITY] Fedora 33 Update: nodejs-14.18.1-1.fc33
2021-10-23 03:25:54
[SECURITY] Fedora 34 Update: nodejs-14.18.1-1.fc34
2021-10-23 03:22:47
openvas
openvas
Fedora: Security Advisory for nodejs (FEDORA-2021-cbad295a90)
2021-10-24 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2021-9818cabe0d)
2021-10-30 00:00:00
Mageia: Security Advisory (MGASA-2021-0592)
2022-01-28 00:00:00
archlinux
archlinux
[ASA-202110-4] nodejs: url request injection
2021-10-21 00:00:00
[ASA-202110-6] nodejs-lts-erbium: multiple issues
2021-10-21 00:00:00
[ASA-202110-5] nodejs-lts-fermium: multiple issues
2021-10-21 00:00:00
nessus
nessus
Node.js Multiple Vulnerabilities (October 12th 2021 Security Releases)
2021-10-19 00:00:00
FreeBSD : Node.js -- October 2021 Security Releases (a9c5e89d-2d15-11ec-8363-0022489ad614)
2021-10-18 00:00:00
Debian DSA-5170-1 : nodejs - security update
2022-06-28 00:00:00
nodejsblog
nodejsblog
October 12th 2021 Security Releases
2021-10-12 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2021-12-30 19:41:51
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.18.2-alt1
2021-12-23 00:00:00
freebsd
freebsd
Node.js -- October 2021 Security Releases
2021-10-12 00:00:00
redhat
redhat
debian
debian
[SECURITY] [DSA 5170-1] nodejs security update
2022-06-27 18:43:26
oraclelinux
oraclelinux
nodejs:16 security, bug fix, and enhancement update
2021-12-16 00:00:00
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
suse
suse
Security update for nodejs14 (important)
2021-12-10 00:00:00
Security update for nodejs12 (important)
2021-12-12 00:00:00
Security update for nodejs14 (important)
2021-12-07 00:00:00
almalinux
almalinux
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
rocky
rocky
nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
12 bug fix and enhancement update
2022-06-21 11:47:44
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00