Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-35256

Опубликовано: 05 дек. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

18.13.0+dfsg1-1ubuntu2
esm-apps/bionic

not-affected

code not present
esm-apps/focal

not-affected

code not present
esm-apps/jammy

released

12.22.9~dfsg-1ubuntu3.2
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
focal

not-affected

code not present
jammy

released

12.22.9~dfsg-1ubuntu3.2
kinetic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 87%
0.03548
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-35256

CVSS3: 6.5
redhat
больше 2 лет назад

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

nvd логотип

CVE-2022-35256

CVSS3: 6.5
nvd
больше 2 лет назад

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

msrc логотип

CVE-2022-35256

CVSS3: 6.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2022-35256

CVSS3: 6.5
debian
больше 2 лет назад

The llhttp parser in the http module in Node v18.7.0 does not correctl ...

github логотип

GHSA-rc2m-q589-vpqx

CVSS3: 9.8
github
больше 2 лет назад

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

EPSS

Процентиль: 87%
0.03548
Низкий

6.5 Medium

CVSS3