HTTP Request Smuggling (HRS) Vulnerability in Node.js HTTP Module

HTTP Request Smuggling (HRS) Vulnerability in Node.js HTTP Module

CVE-2022-32214 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

Learn more about our Web Application Penetration Testing UK.