CVE-2022-32213

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in npm/llhttp

Identifiers

CVE-2022-32213

Package Slug

npm/llhttp

Vulnerability

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Description

The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers, which can lead to HTTP Request Smuggling (HRS).

Affected Versions

All versions before 2.1.5, and all versions starting from 6.0.0 and before 6.0.7

Solution

Upgrade to version 2.1.5, 6.0.7, or above.

Last Modified

2022-07-26
