llhttp llhttp 1.1.3 for Node.js

CPE Details

llhttp llhttp 1.1.3 for Node.js
llhttp
llhttp
1.1.3
2021-11-04
12h36 +00:00
2021-11-04
12h46 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:llhttp:llhttp:1.1.3:*:*:*:*:node.js:*:*

Informations

Vendor

llhttp

Product

llhttp

Version

1.1.3

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-35256 2022-12-04
23h00 +00:00		 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
6.5
Medium
CVE-2022-32213 2022-07-13
22h00 +00:00		 The llhttp parser
6.5
Medium
CVE-2022-32214 2022-07-13
22h00 +00:00		 The llhttp parser
6.5
Medium
CVE-2021-22959 2021-11-15
13h45 +00:00		 The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
6.5
Medium
CVE-2021-22960 2021-11-03
18h22 +00:00		 The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
6.5
Medium