131 matches found
CVE-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...
CVE-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...
IBM Answer Retrieval for Watson Discovery On Prem 环境问题漏洞
IBM Answer Retrieval for Watson Discovery On Prem is a microservices-based, cloud-native solution from International Business Machines IBM. IBM Answer Retrieval for Watson Discovery On Prem suffers from an environmental issue vulnerability that stems from the llhttp parser in the HTTP module not...
CVE-2022-32215
A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...
CVE-2022-32213
A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS, causing web cache poisoning, and conducting XSS attacks...
Node.js 环境问题漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. An environmental issue vulnerability exists in Node.js that stems from the llhttp parser in the Node.js http module not properly parsing and validating the Transfer-Encoding header, which could result in HTTP Request...
PT-2022-21155 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.20.1 Node.js versions prior to 16.17.1 Node.js versions prior to 18.9.1 Description: The issue arises from the llhttp parser in the http module of Node.js not correctly handling multi-line Transfer-Encoding header...
PT-2022-3606 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.20.1 Node.js versions prior to 16.17.1 Node.js versions prior to 18.9.1 Description: The issue is related to the llhttp parser in the http module in Node.js, which does not strictly use the CRLF sequence to delimi...
Node.js -- July 7th 2022 Security Releases
Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling - Improper Delimiting of...
Node.js: HTTP Request Smuggling Due To Improper Delimiting of Header Fields
Summary: The llhttp parser in the http module in Node v17.8.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. Description: The LF character without CR is sufficient to delimit HTTP header fields in the lihttp parser. According to...
CVE-2021-22959
The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS in llhttp v2.1.4 and v6.0.6...