vulnerability

Red Hat: CVE-2022-32213: HTTP request smuggling due to flawed parsing of Transfer-Encoding (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Jul 14, 2022	Oct 20, 2022	Sep 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Jul 14, 2022

Added

Oct 20, 2022

Modified

Sep 10, 2025

Description

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

Solutions

redhat-upgrade-nodejsredhat-upgrade-nodejs-debuginforedhat-upgrade-nodejs-debugsourceredhat-upgrade-nodejs-develredhat-upgrade-nodejs-docsredhat-upgrade-nodejs-full-i18nredhat-upgrade-nodejs-libsredhat-upgrade-nodejs-libs-debuginforedhat-upgrade-nodejs-nodemonredhat-upgrade-nodejs-packagingredhat-upgrade-npm

References

CWE-444
NVD-CVE-2022-32213
REDHAT-RHSA-2022:6448
REDHAT-RHSA-2022:6449
REDHAT-RHSA-2022:6595
REDHAT-RHSA-2022:6985

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today