CVE-2022-32214

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-32214

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32214.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-32214

Aliases

Downstream

ALPINE-CVE-2022-32214

BELL-CVE-2022-32214

DEBIAN-CVE-2022-32214

DSA-5326-1

OESA-2023-1551

RHSA-2022:6389

RHSA-2022:6448

RHSA-2022:6449

RHSA-2022:6595

RHSA-2022:6985

RLSA-2022:6448

RLSA-2022:6449

RLSA-2022:6595

SUSE-SU-2022:2415-1

SUSE-SU-2022:2416-1

SUSE-SU-2022:2417-1

SUSE-SU-2022:2425-1

SUSE-SU-2022:2430-1

SUSE-SU-2022:2491-1

SUSE-SU-2022:2551-1

SUSE-SU-2022:2855-1

SUSE-SU-2023:0408-1

SUSE-SU-2023:0419-1

UBUNTU-CVE-2022-32214

USN-6491-1

Related

Published

2022-07-14T15:15:08.337Z

Modified

2026-02-06T22:51:57.134672Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

References

Affected packages

Git / github.com/nodejs/llhttp

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/llhttp
Events: Introduced

3ec2251f809073fe8abdb50da6e7acb9d96a2ad9

Fixed

315a1c1b7695c2d1c4e80b359a3e30bc7b3f3f22

Fixed

f014c23bffb327f3749c6222e96247aec73a1caf

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32214.json"