AZL-31039

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31039.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-31039

Upstream

CVE-2022-35256

Published

2022-12-05T22:15:10Z

Modified

2026-04-01T05:09:54.543577Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

CVE-2022-35256 affecting package rust for versions less than 1.68.0-1

Details

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-35256

Affected packages

Azure Linux:2 / rust

Package

Name: rust
Purl: pkg:rpm/azure-linux/rust

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.68.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31039.json"