HTTP Request Smuggling
Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling in the llhttp implementation when handling HTTP/1 headers terminated with \r\n\rX instead of the required \r\n\r\n. This allows attackers to bypass proxy-based access controls and submit unauthorized requests...
Fedora 41 : llhttp / python-aiohttp (2024-8deaadd998)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8deaadd998 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...
Fedora 37 : llhttp (2022-9e7f967d20)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-9e7f967d20 advisory. Update to v6.0.10 - Disable chunked on obs https://github.com/nodejs/llhttp/pull/196 https://github.com/nodejs/llhttp/compare/v6.0.9...v6.0.10 Tenable has...
SUSE CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...
The vulnerability of the HTTP-code analyzer in the llhttp software for managing network infrastructure of SINEC INS allows a perpetrator to execute arbitrary code.
The vulnerability of the HTTP-code analyzer in the llhttp software for managing network infrastructure in SINEC INS is related to the possibility of bypassing the authentication mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
ds-mcp (>=1.0.9 <=1.0.11) potentially affected by CVE-2022-32213 via llhttp (=1.0.1)
llhttp NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on llhttp and may be impacted: - ds-mcp =1.0.9, =1.0.11 Source cves: CVE-2022-32213 Source advisory: OSV:GHSA-5689-V88G-G6RV...
Design/Logic Flaw
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp v2.1.4 and v6.0.6...
UBUNTU-CVE-2021-22959
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp v2.1.4 and v6.0.6...
ALPINE-CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...
DEBIAN-CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...