1155 matches found
AZL-10150 CVE-2022-32213 affecting package nodejs for versions less than 16.20.2-4
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
AZL-41051 CVE-2022-32213 affecting package rust for versions less than 1.75.0-1
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
AZL-41446 CVE-2022-32215 affecting package rust for versions less than 1.75.0-1
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...
ALPINE-CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
UBUNTU-CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
CVE-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...
UBUNTU-CVE-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...
CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...
CVE-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...
PT-2022-6218 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.54 and prior versions Description: The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...
CVE-2022-32215
A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...
HTTP Request Smuggling
llhttp is vulnerable to http request smuggling. The vulnerability exists in the http function in http.ts due to a lack of validation and parsing of Transfer-Encoding headers which allows an attacker to smuggle HTTP requests...
Internet Bug Bounty: CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
Original Report: https://hackerone.com/reports/1524555 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...
Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
Original Report: https://hackerone.com/reports/1501679 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling when the llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. Remediation A fix was pushed into the master branch but not y...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling. The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. Remediation There is no fixed version for llhttp. References -...
Node.js 环境问题漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. An environmental issue vulnerability exists in Node.js that stems from the llhttp parser in the Node.js http module not properly parsing and validating the Transfer-Encoding header, which could result in HTTP Request...