HTTP Request Smuggling Vulnerability in Node v18.7.0's llhttp Parser
CVE-2022-35256 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Learn more about our Web Application Penetration Testing UK.