Описание
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 18.7.0+dfsg-5ubuntu1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | 12.22.9~dfsg-1ubuntu3 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | not-affected | code not present |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
EPSS
5.8 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extens ...
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Уязвимость компонента LLHTTP программного средства работы с объектами NodeJS, позволяющая нарушителю повысить свои привилегии
EPSS
5.8 Medium
CVSS2
6.5 Medium
CVSS3