The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libnode-dev", "binary_version": "12.22.9~dfsg-1ubuntu3" }, { "binary_name": "libnode72", "binary_version": "12.22.9~dfsg-1ubuntu3" }, { "binary_name": "libnode72-dbgsym", "binary_version": "12.22.9~dfsg-1ubuntu3" }, { "binary_name": "nodejs", "binary_version": "12.22.9~dfsg-1ubuntu3" }, { "binary_name": "nodejs-dbgsym", "binary_version": "12.22.9~dfsg-1ubuntu3" }, { "binary_name": "nodejs-doc", "binary_version": "12.22.9~dfsg-1ubuntu3" } ] }