Lucene search
HistoryJul 14, 2022 - 3:15 p.m.
CVE-2022-32214
node.js
http request smuggling
llhttp parser
cve-2022-32214
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS
0.002
Percentile
60.9%
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Affected configurations
Node
llhttpllhttpRange<2.1.5node.js
ORllhttpllhttpRange6.0.0–6.0.7node.js
ORnodejsnode.jsRange14.0.0–14.14.0-
ORnodejsnode.jsRange14.15.0–14.20.0lts
ORnodejsnode.jsRange16.0.0–16.12.0-
ORnodejsnode.jsRange16.13.0–16.16.0lts
ORnodejsnode.jsRange18.0.0–18.5.0-
Node
debiandebian_linuxMatch11.0
Node
stormshieldstormshield_management_centerRange<3.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| llhttp | llhttp | * | cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:* |
| nodejs | node.js | * | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| nodejs | node.js | * | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| stormshield | stormshield_management_center | * | cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* |
Related
cbl_mariner
cbl_mariner
CVE-2022-32214 affecting package nodejs 14.18.3-1
2022-08-12 16:45:11
CVE-2022-32214 affecting package nodejs for versions less than 16.16.0-1
2022-08-31 06:17:55
CVE-2022-32214 affecting package rust for versions less than 1.75.0-1
2024-09-27 09:12:36
osv
osv
CVE-2022-32214
2022-07-14 15:15:08
BIT-node-2022-32214
2024-03-06 11:03:58
github
github
veracode
veracode
HTTP Request Smuggling
2022-07-08 18:20:52
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to HTTP request smuggling due to CVE-2022-32214
2022-11-04 18:17:24
Security Bulletin: IBM DataPower Gateway potentially vulnerable to HTTP request smuggling
2022-11-21 21:55:18
Security Bulletin: Multiple Vulnerabilities in node.js
2022-08-08 17:42:51
cve
cve
CVE-2022-32214
2022-07-14 15:15:08
redhatcve
redhatcve
CVE-2022-32214
2022-07-18 12:19:11
nessus
nessus
CBL Mariner 2.0 Security Update: nodejs (CVE-2022-32214)
2023-03-20 00:00:00
Photon OS 3.0: Nodejs PHSA-2022-3.0-0426
2024-07-24 00:00:00
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:2415-1)
2022-07-21 00:00:00
prion
prion
Crlf injection
2022-07-14 15:15:00
alpinelinux
alpinelinux
CVE-2022-32214
2022-07-14 15:15:08
hackerone
hackerone
cvelist
cvelist
CVE-2022-32214
2022-07-14 00:00:00
ubuntucve
ubuntucve
CVE-2022-32214
2022-07-14 00:00:00
debiancve
debiancve
CVE-2022-32214
2022-07-14 15:15:08
photon
photon
Critical Photon OS Security Update - PHSA-2022-0426
2022-07-26 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0426
2022-07-26 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2430-1)
2022-07-19 00:00:00
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:2491-1)
2022-07-22 00:00:00
openSUSE: Security Advisory for nodejs14 (SUSE-SU-2022:2425-1)
2022-07-19 00:00:00
suse
suse
Security update for nodejs12 (important)
2022-07-18 00:00:00
Security update for nodejs16 (important)
2022-07-21 00:00:00
Security update for nodejs14 (important)
2022-07-18 00:00:00
almalinux
almalinux
Moderate: nodejs:14 security and bug fix update
2022-09-13 00:00:00
Moderate: nodejs and nodejs-nodemon security and bug fix update
2022-09-20 00:00:00
oraclelinux
oraclelinux
nodejs:14 security and bug fix update
2022-09-15 00:00:00
nodejs:16 security and bug fix update
2022-09-15 00:00:00
nodejs and nodejs-nodemon security and bug fix update
2022-09-22 00:00:00
rocky
rocky
nodejs:14 security and bug fix update
2022-09-13 07:36:51
nodejs:16 security and bug fix update
2022-09-13 07:36:52
nodejs and nodejs-nodemon security and bug fix update
2022-09-20 11:37:49
redhat
redhat
mageia
mageia
Updated nodejs packages fix security vulnerability
2022-08-26 00:21:07
ubuntu
ubuntu
Node.js vulnerabilities
2023-11-21 00:00:00
freebsd
freebsd
Node.js -- July 7th 2022 Security Releases
2022-07-05 00:00:00
debian
debian
[SECURITY] [DSA 5326-1] nodejs security update
2023-01-24 20:01:20
nodejsblog
nodejsblog
July 7th 2022 Security Releases
2022-07-07 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS
0.002
Percentile
60.9%
Related for NVD:CVE-2022-32214