CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/07/14 3:15 p.m.•2 views

ALPINE-CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

6.5CVSS7AI score0.34494EPSS

6.5CVSS6.7AI score0.68796EPSS

AZL-41446 CVE-2022-32215 affecting package rust for versions less than 1.75.0-1

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS6.6AI score0.34494EPSS

DEBIAN-CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

OSV•added 2022/07/14 3:15 p.m.•3 views

AZL-10150 CVE-2022-32213 affecting package nodejs for versions less than 16.20.2-4

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

6.5CVSS6.7AI score0.34494EPSS

6.5CVSS6.6AI score0.68796EPSS

DEBIAN-CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

UbuntuCve•added 2022/07/14 3:15 p.m.•32 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS6.8AI score0.68796EPSS

Exploits1References5

UbuntuCve•added 2022/07/14 3:15 p.m.•47 views

CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

6.5CVSS6.8AI score0.34494EPSS

Exploits1References5

6.5CVSS6.8AI score0.34494EPSS

UBUNTU-CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

Exploits1References6

OSV•added 2022/07/14 3:15 p.m.•0 views

UBUNTU-CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS6.8AI score0.68796EPSS

Exploits1References6

AlpineLinux•added 2022/07/14 12:0 a.m.•87 views

CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

6.5CVSS7.7AI score0.34494EPSS

Debian CVE•added 2022/07/14 12:0 a.m.•25 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS7AI score0.68796EPSS

Cvelist•added 2022/07/14 12:0 a.m.•29 views

CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

7.4AI score0.34494EPSS

Exploits1References7

Positive Technologies•added 2022/07/12 12:0 a.m.•9 views

PT-2022-6218 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.54 and prior versions Description: The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...

10CVSS6.7AI score0.90407EPSS

Exploits8References133

RedhatCVE•added 2022/07/08 7:17 p.m.•45 views

CVE-2022-32215

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...

6.5CVSS3.4AI score0.68796EPSS

Exploits1References4

Veracode•added 2022/07/08 8:18 a.m.•33 views

HTTP Request Smuggling

llhttp is vulnerable to http request smuggling. The vulnerability exists in the http function in http.ts due to a lack of validation and parsing of Transfer-Encoding headers which allows an attacker to smuggle HTTP requests...

6.5CVSS7.1AI score0.34494EPSS

Exploits1References15Affected Software4

Hacker One•added 2022/07/08 3:42 a.m.•58 views

Internet Bug Bounty: CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

Original Report: https://hackerone.com/reports/1524555 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

6.4CVSS7.3AI score0.34494EPSS

Hacker One•added 2022/07/08 3:41 a.m.•77 views

Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Original Report: https://hackerone.com/reports/1501679 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

6.4CVSS7.3AI score0.68796EPSS