CVE-2022-32213: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

July 14, 2022 (updated November 7, 2023)

The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

References

nodejs.org/en/blog/vulnerability/july-2022-security-releases/
nvd.nist.gov/vuln/detail/CVE-2022-32213

Detect and mitigate CVE-2022-32213 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →