CVE-2022-32215

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-32215

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32215.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-32215

Aliases

Downstream

ALPINE-CVE-2022-32215

BELL-CVE-2022-32215

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-LN12820

CLEANSTART-2026-WI75198

DEBIAN-CVE-2022-32215

DSA-5326-1

OESA-2023-1551

RHSA-2022:6389

RHSA-2022:6448

RHSA-2022:6449

RHSA-2022:6595

RHSA-2022:6985

RLSA-2022:6448

RLSA-2022:6449

RLSA-2022:6595

SUSE-SU-2022:2415-1

SUSE-SU-2022:2416-1

SUSE-SU-2022:2417-1

SUSE-SU-2022:2425-1

SUSE-SU-2022:2430-1

SUSE-SU-2022:2491-1

SUSE-SU-2022:2551-1

SUSE-SU-2022:2855-1

SUSE-SU-2022:3524-1

SUSE-SU-2022:3615-1

SUSE-SU-2022:3656-1

SUSE-SU-2023:0408-1

SUSE-SU-2023:0419-1

UBUNTU-CVE-2022-32215

USN-6491-1

openSUSE-SU-2024:12370-1

openSUSE-SU-2024:12376-1

Related

Published

2022-07-14T15:15:08.387Z

Modified

2026-02-24T11:42:42.934097Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

References

Affected packages

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

41c3e6661fba463694abb2f2984ffd258393f059

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32215.json"