Llhttp Security Vulnerabilities and Issues — Llhttp CVE List

Lucene search

LlhttpLlhttp

6 matches found

CVE•added 2022/12/05 10:15 p.m.•360 views

CVE-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

6.5CVSS7.9AI score0.04594EPSS

CVE•added 2021/11/03 8:15 p.m.•248 views

CVE-2021-22960

The parse function in llhttp < 2.1.4 and

6.5CVSS7.2AI score0.00206EPSS

CVE•added 2021/11/15 3:15 p.m.•229 views

CVE-2021-22959

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and

6.5CVSS7.1AI score0.00186EPSS

CVE•added 2022/07/14 3:15 p.m.•216 views

CVE-2022-32215

The llhttp parser <v14.20.1, <v16.17.1 and

6.5CVSS7.1AI score0.88045EPSS

CVE•added 2022/07/14 3:15 p.m.•210 views

CVE-2022-32213

The llhttp parser <v14.20.1, <v16.17.1 and

6.5CVSS7.2AI score0.89015EPSS

CVE•added 2022/07/14 3:15 p.m.•187 views

CVE-2022-32214

The llhttp parser <v14.20.1, <v16.17.1 and

6.5CVSS7AI score0.64855EPSS