Описание
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 18.7.0+dfsg-5ubuntu1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | 12.22.9~dfsg-1ubuntu3 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | not-affected | code not present |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
EPSS
6.4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
The parser in accepts requests with a space (SP) right after the heade ...
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Уязвимость компонента LLHTTP программного средства работы с объектами NodeJS, позволяющая нарушителю повысить свои привилегии
EPSS
6.4 Medium
CVSS2
6.5 Medium
CVSS3