CVE-2021-22959
15.11.2021, 15:15
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| llhttp | llhttp | 𝑥 < 2.1.4 |
| llhttp | llhttp | 3.0.0 ≤ 𝑥 < 6.0.6 |
| oracle | graalvm | 20.3.4 |
| oracle | graalvm | 21.3.0 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| nodejs10 |
| ||||||||||||
| nodejs10-devel |
| ||||||||||||
| nodejs10-docs |
| ||||||||||||
| nodejs12 |
| ||||||||||||
| nodejs12-devel |
| ||||||||||||
| nodejs12-docs |
| ||||||||||||
| nodejs14 |
| ||||||||||||
| nodejs14-devel |
| ||||||||||||
| nodejs14-docs |
| ||||||||||||
| npm10 |
| ||||||||||||
| npm12 |
| ||||||||||||
| npm14 |
|