3 matches found
DEBIAN-CVE-2021-22959
The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS in llhttp v2.1.4 and v6.0.6...
UBUNTU-CVE-2021-22959
The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS in llhttp v2.1.4 and v6.0.6...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling via llhttp. The HTTP parser accepts requests with a space SP right after the header name before the colon. Remediation There is no fixed version for llhttp. References ...