Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

F5 Networks
F5 Networksadded 2022/12/27 4:42 a.m.35 views

K82567234: NodeJS vulnerability CVE-2022-32215

Security Advisory Description The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. CVE-2022-32215 Impact Impact There is no impact; F5 products are not affected b...

6.5CVSS6.9AI score0.86472EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletinsadded 2022/10/21 5:31 p.m.41 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2022-32215 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle multi-line Transfer-Encoding headers by t...

8.1CVSS7.8AI score0.86472EPSS
Exploits1Affected Software1
Node JS Blog
Node JS Blogadded 2022/09/15 12:0 a.m.42 views

September 23rd 2022 Security Releases

September 23rd 2022 Security Releases Update 26-September-2022 Security releases available Recommendation update regarding CVE-2022-35255: Roll-out and re-issue all keys generated with WebCrypto.subtle.generateKey. Re-evaluate the confidentiality of data encrypted with those keys. Update...

9.1CVSS8AI score0.86472EPSS
Exploits5
Hacker One
Hacker Oneadded 2022/08/10 8:50 a.m.73 views

Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)

Summary: Due to an incomplete fix for CVE-2022-32215, the llhttp parser in the http module in Node v16.16.0 and 18.7.0 still does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: add more details about this vulnerability We have...

6.4CVSS7.4AI score0.86472EPSS
Exploits1
UbuntuCve
UbuntuCveadded 2022/07/14 3:15 p.m.32 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS6.8AI score0.86472EPSS
Exploits1References5
Debian CVE
Debian CVEadded 2022/07/14 12:0 a.m.25 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS7AI score0.86472EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2022/07/08 7:17 p.m.37 views

CVE-2022-32215

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...

6.5CVSS3.4AI score0.86472EPSS
Exploits1References4
Hacker One
Hacker Oneadded 2022/07/08 3:41 a.m.72 views

Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Original Report: https://hackerone.com/reports/1501679 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

6.4CVSS7.3AI score0.86472EPSS
Exploits1
Rows per page
Query Builder