Описание
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
The parser in accepts requests with a space (SP) right after the heade ...
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Уязвимость компонента LLHTTP программного средства работы с объектами NodeJS, позволяющая нарушителю повысить свои привилегии
EPSS
6.5 Medium
CVSS3
6.4 Medium
CVSS2