Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
All versions before 2.1.5, all versions starting from 6.0.0 before 6.0.7
Upgrade to version 2.1.5, 6.0.7, or above.