vulnerability
Oracle Linux: CVE-2022-32215: ELSA-2022-9947: GraalVM Security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | 2022-07-08 | 2022-09-15 | 2025-01-11 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2022-07-08
Added
2022-09-15
Modified
2025-01-11
Description
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.
A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.
Solution(s)
oracle-linux-upgrade-graalvm22-ce-11oracle-linux-upgrade-graalvm22-ce-11-develoracle-linux-upgrade-graalvm22-ce-11-espressooracle-linux-upgrade-graalvm22-ce-11-espresso-llvmoracle-linux-upgrade-graalvm22-ce-11-fastroracle-linux-upgrade-graalvm22-ce-11-javascriptoracle-linux-upgrade-graalvm22-ce-11-jdkoracle-linux-upgrade-graalvm22-ce-11-libpolyglotoracle-linux-upgrade-graalvm22-ce-11-llvmoracle-linux-upgrade-graalvm22-ce-11-llvm-toolchainoracle-linux-upgrade-graalvm22-ce-11-native-imageoracle-linux-upgrade-graalvm22-ce-11-native-image-llvm-backendoracle-linux-upgrade-graalvm22-ce-11-nodejsoracle-linux-upgrade-graalvm22-ce-11-nodejs-develoracle-linux-upgrade-graalvm22-ce-11-polyglotoracle-linux-upgrade-graalvm22-ce-11-pythonoracle-linux-upgrade-graalvm22-ce-11-python-develoracle-linux-upgrade-graalvm22-ce-11-rubyoracle-linux-upgrade-graalvm22-ce-11-ruby-develoracle-linux-upgrade-graalvm22-ce-11-toolsoracle-linux-upgrade-graalvm22-ce-11-wasmoracle-linux-upgrade-graalvm22-ce-17oracle-linux-upgrade-graalvm22-ce-17-develoracle-linux-upgrade-graalvm22-ce-17-espressooracle-linux-upgrade-graalvm22-ce-17-espresso-llvmoracle-linux-upgrade-graalvm22-ce-17-fastroracle-linux-upgrade-graalvm22-ce-17-javascriptoracle-linux-upgrade-graalvm22-ce-17-jdkoracle-linux-upgrade-graalvm22-ce-17-libpolyglotoracle-linux-upgrade-graalvm22-ce-17-llvmoracle-linux-upgrade-graalvm22-ce-17-llvm-toolchainoracle-linux-upgrade-graalvm22-ce-17-native-imageoracle-linux-upgrade-graalvm22-ce-17-native-image-llvm-backendoracle-linux-upgrade-graalvm22-ce-17-nodejsoracle-linux-upgrade-graalvm22-ce-17-nodejs-develoracle-linux-upgrade-graalvm22-ce-17-polyglotoracle-linux-upgrade-graalvm22-ce-17-pythonoracle-linux-upgrade-graalvm22-ce-17-python-develoracle-linux-upgrade-graalvm22-ce-17-rubyoracle-linux-upgrade-graalvm22-ce-17-ruby-develoracle-linux-upgrade-graalvm22-ce-17-toolsoracle-linux-upgrade-graalvm22-ce-17-wasmoracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-libsoracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
References
- CVE-2022-32215
- https://attackerkb.com/topics/CVE-2022-32215
- ELSA-ELSA-2022-9947
- ELSA-ELSA-2022-6595
- ELSA-ELSA-2022-9948
- ELSA-ELSA-2022-6449
- ELSA-ELSA-2022-6448
- ELSA-ELSA-2022-9954
- ELSA-ELSA-2022-9944
- ELSA-ELSA-2022-9955
- ELSA-ELSA-2022-9950
- ELSA-ELSA-2022-9949
- ELSA-ELSA-2022-9952
- ELSA-ELSA-2022-9951
- ELSA-ELSA-2022-9953
- ELSA-ELSA-2022-9946
- ELSA-ELSA-2022-9945
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.