HTTP Request Smuggling Vulnerability in Node v18.7.0's llhttp Parser

HTTP Request Smuggling Vulnerability in Node v18.7.0's llhttp Parser

CVE-2022-35256 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

Learn more about our Web Application Penetration Testing UK.