vulnerability
Oracle Linux: CVE-2022-32214: ELSA-2022-6448: nodejs:14 security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Jul 8, 2022 | Sep 15, 2022 | Dec 3, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Jul 8, 2022
Added
Sep 15, 2022
Modified
Dec 3, 2025
Description
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.
A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.
Solutions
oracle-linux-upgrade-graalvm22-ce-11oracle-linux-upgrade-graalvm22-ce-11-develoracle-linux-upgrade-graalvm22-ce-11-espressooracle-linux-upgrade-graalvm22-ce-11-espresso-llvmoracle-linux-upgrade-graalvm22-ce-11-fastroracle-linux-upgrade-graalvm22-ce-11-javascriptoracle-linux-upgrade-graalvm22-ce-11-jdkoracle-linux-upgrade-graalvm22-ce-11-libpolyglotoracle-linux-upgrade-graalvm22-ce-11-llvmoracle-linux-upgrade-graalvm22-ce-11-llvm-toolchainoracle-linux-upgrade-graalvm22-ce-11-native-imageoracle-linux-upgrade-graalvm22-ce-11-native-image-llvm-backendoracle-linux-upgrade-graalvm22-ce-11-nodejsoracle-linux-upgrade-graalvm22-ce-11-nodejs-develoracle-linux-upgrade-graalvm22-ce-11-polyglotoracle-linux-upgrade-graalvm22-ce-11-pythonoracle-linux-upgrade-graalvm22-ce-11-python-develoracle-linux-upgrade-graalvm22-ce-11-rubyoracle-linux-upgrade-graalvm22-ce-11-ruby-develoracle-linux-upgrade-graalvm22-ce-11-toolsoracle-linux-upgrade-graalvm22-ce-11-wasmoracle-linux-upgrade-graalvm22-ce-17oracle-linux-upgrade-graalvm22-ce-17-develoracle-linux-upgrade-graalvm22-ce-17-espressooracle-linux-upgrade-graalvm22-ce-17-espresso-llvmoracle-linux-upgrade-graalvm22-ce-17-fastroracle-linux-upgrade-graalvm22-ce-17-javascriptoracle-linux-upgrade-graalvm22-ce-17-jdkoracle-linux-upgrade-graalvm22-ce-17-libpolyglotoracle-linux-upgrade-graalvm22-ce-17-llvmoracle-linux-upgrade-graalvm22-ce-17-llvm-toolchainoracle-linux-upgrade-graalvm22-ce-17-native-imageoracle-linux-upgrade-graalvm22-ce-17-native-image-llvm-backendoracle-linux-upgrade-graalvm22-ce-17-nodejsoracle-linux-upgrade-graalvm22-ce-17-nodejs-develoracle-linux-upgrade-graalvm22-ce-17-polyglotoracle-linux-upgrade-graalvm22-ce-17-pythonoracle-linux-upgrade-graalvm22-ce-17-python-develoracle-linux-upgrade-graalvm22-ce-17-rubyoracle-linux-upgrade-graalvm22-ce-17-ruby-develoracle-linux-upgrade-graalvm22-ce-17-toolsoracle-linux-upgrade-graalvm22-ce-17-wasmoracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-libsoracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.