Lucene search

276 matches found

Snyk
added 2022/07/08 12:0 a.m. · 1 view

HTTP Request Smuggling

Overview: llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling when the llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. Remediation: A fix was pushed into the master branch but not y...

CVSS 6.8 · AI score 6.9 · EPSS 0.86318
Exploits 1 · References 2
CNNVD
added 2022/07/08 12:0 a.m. · 2 views

Node.js Environment Issue Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. An environmental issue vulnerability exists in Node.js that stems from the llhttp parser in the Node.js http module not properly parsing and validating the Transfer-Encoding header, which could result in HTTP Request...

CVSS 6.5 · AI score 7.3 · EPSS 0.86472
Exploits 1 · References 28
Positive Technologies
added 2022/07/08 12:0 a.m. · 6 views

PT-2022-21155 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.20.1; Node.js versions prior to 16.17.1; Node.js versions prior to 18.9.1. Description: The issue arises from the llhttp parser in the http module of Node.js not correctly handling multi-line Transfer-Encoding header...

CVSS 9.8 · AI score 6.7 · EPSS 0.89427
Exploits 31 · References 316
Node JS Blog
added 2022/07/07 12:0 a.m. · 46 views

July 7th 2022 Security Releases

(Update 07-July-2022) Security releases available. Updates are now available for the v18.x, v16.x, and v14.x Node.js release lines for the following issues. HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213): The llhttp parser in the http...

CVSS 10 · AI score 7 · EPSS 0.86472
Exploits 7
Positive Technologies
added 2022/07/07 12:0 a.m. · 4 views

PT-2022-3606 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 14.20.1; Node.js versions prior to 16.17.1; Node.js versions prior to 18.9.1. Description: The issue is related to the llhttp parser in the http module in Node.js, which does not strictly use the CRLF sequence to delimi...

CVSS 9.8 · AI score 6.5 · EPSS 0.89427
Exploits 31 · References 306
FreeBSD
added 2022/07/05 12:0 a.m. · 58 views

Node.js -- July 7th 2022 Security Releases

Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). HTTP Request Smuggling - Improper Delimiting of...

CVSS 8.1 · AI score 7.5 · EPSS 0.86472
Exploits 4 · References 1
RedHat Linux
added 2022/06/28 7:58 a.m. · 0 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an...

CVSS 6.5 · AI score 7.4 · EPSS 0.00229
Exploits 1 · References 5
RedHat Linux
added 2022/06/28 7:58 a.m. · 0 views

llhttp: HTTP Request Smuggling due to spaces in headers

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject...

CVSS 6.5 · AI score 7.4 · EPSS 0.00164
Exploits 1 · References 5
RedHat Linux
added 2022/06/21 12:40 p.m. · 0 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an...

CVSS 6.5 · AI score 7.4 · EPSS 0.00229
Exploits 1 · References 5
RedHat Linux
added 2022/06/07 8:24 a.m. · 1 view

llhttp: HTTP Request Smuggling due to spaces in headers

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject...

CVSS 6.5 · AI score 7.4 · EPSS 0.00164
Exploits 1 · References 5
RedHat Linux
added 2022/06/07 8:24 a.m. · 0 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an...

CVSS 6.5 · AI score 7.4 · EPSS 0.00229
Exploits 1 · References 5
RedHat Linux
added 2022/06/06 9:29 a.m. · 0 views

llhttp: HTTP Request Smuggling due to spaces in headers

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject...

CVSS 6.5 · AI score 7.4 · EPSS 0.00164
Exploits 1 · References 5
RedHat Linux
added 2022/06/06 9:29 a.m. · 1 view

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an...

CVSS 6.5 · AI score 7.4 · EPSS 0.00229
Exploits 1 · References 5
Hacker One
added 2022/03/28 4:7 p.m. · 29 views

Node.js: HTTP Request Smuggling Due To Improper Delimiting of Header Fields

Summary: The llhttp parser in the http module in Node v17.8.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). Description: The LF character without CR is sufficient to delimit HTTP header fields in the llhttp parser. According to...

CVSS 6.4 · AI score 7.4 · EPSS 0.39294
Exploits 1
Tenable Nessus
added 2022/03/12 12:0 a.m. · 41 views

AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5171 advisory. nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918); nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788); nodejs-glob-paren...

CVSS 9.8 · AI score 7.1 · EPSS 0.01262
Exploits 6 · References 8
Tenable Nessus
added 2022/03/12 12:0 a.m. · 51 views

AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918); nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788); nodejs-glob-paren...

CVSS 9.8 · AI score 7.3 · EPSS 0.01262
Exploits 6 · References 10
RedHat Linux
added 2022/02/01 9:18 p.m. · 2 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an...

CVSS 6.5 · AI score 7.4 · EPSS 0.00229
Exploits 1 · References 5
RedHat Linux
added 2022/02/01 9:18 p.m. · 1 view

llhttp: HTTP Request Smuggling due to spaces in headers

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject...

CVSS 6.5 · AI score 7.4 · EPSS 0.00164
Exploits 1 · References 5
Tenable Nessus
added 2022/01/26 12:0 a.m. · 47 views

RHEL 8 : nodejs:14 (RHSA-2022:0246)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0246 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 · AI score 7.5 · EPSS 0.01262
Exploits 6 · References 21
RedHat Linux
added 2022/01/25 9:28 a.m. · 1 view

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an...

CVSS 6.5 · AI score 7.4 · EPSS 0.00229
Exploits 1 · References 5