CVE-2022-35256

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-35256

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35256.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-35256

Aliases

Downstream

ALPINE-CVE-2022-35256

BELL-CVE-2022-35256

CLEANSTART-2026-KN34553

CLEANSTART-2026-LN12820

DEBIAN-CVE-2022-35256

DSA-5326-1

OESA-2023-1551

RHSA-2022:6963

RHSA-2022:6964

RHSA-2022:7044

RHSA-2022:7821

RHSA-2022:7830

RHSA-2023:0321

RHSA-2023:1533

RHSA-2023:1742

RLSA-2022:6963

RLSA-2022:6964

RLSA-2022:7821

RLSA-2022:7830

RLSA-2023:0321

SUSE-SU-2022:3503-1

SUSE-SU-2022:3516-1

SUSE-SU-2022:3524-1

SUSE-SU-2022:3614-1

SUSE-SU-2022:3615-1

SUSE-SU-2022:3616-1

SUSE-SU-2022:3656-1

SUSE-SU-2022:3835-1

SUSE-SU-2023:0408-1

SUSE-SU-2023:0419-1

UBUNTU-CVE-2022-35256

USN-6491-1

openSUSE-SU-2024:12370-1

openSUSE-SU-2024:12376-1

Related

Published

2022-12-05T22:15:10.570Z

Modified

2026-02-24T11:42:49.933460Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

References

Affected packages

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9c812eba2945d6d1ceca6fa2f1a9744d7f2f0029

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35256.json"