CVE-2022-32214

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in npm/llhttp

Identifiers

CVE-2022-32214

Package Slug

npm/llhttp

Vulnerability

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Description

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

Affected Versions

All versions before 2.1.5, all versions starting from 6.0.0 before 6.0.7

Solution

Upgrade to version 2.1.5, 6.0.7, or above.

Last Modified

2022-07-26

source