HTTP Request Smuggling (HRS) Vulnerability in Node.js HTTP Module
CVE-2022-32214 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Learn more about our Web Application Penetration Testing UK.