276 matches found
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
DEBIAN-CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
ALPINE-CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
Design/Logic Flaw
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
UBUNTU-CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
CVE-2021-22960 affects the llhttp parser used by Node.js (http module). The vulnerability is due to the parser ignoring chunk extensions when parsing the body of chunked requests, enabling HTTP Request Smuggling under certain proxy scenarios. Affected versions are llhttp before 2.1.4 and before 6...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
CVE-2021-22959
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
PT-2021-4365 · Llhttp +6 · Llhttp +6
Name of the Vulnerable Software and Affected Versions: llhttp versions prior to 2.1.4 llhttp versions prior to 6.0.6 Description: The issue is related to the parser in llhttp, which accepts requests with a space right after the header name before the colon, leading to HTTP Request Smuggling HRS...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling via llhttp. The parse ignores chunk extensions when parsing the body of chunked requests. Remediation There is no fixed version for llhttp. References - GitHub Commit -...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling via llhttp. The HTTP parser accepts requests with a space SP right after the header name before the colon. Remediation There is no fixed version for llhttp. References ...