PT-2022-21155 · Node.js +8

Zeyu Zhang +1 · Published 2022-07-08 · Updated 2026-05-18 · CVE-2022-32215

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Node.js versions prior to 14.20.1
Node.js versions prior to 16.17.1
Node.js versions prior to 18.9.1

Description

The issue arises from the llhttp parser in the http module of Node.js not correctly handling multi-line Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS).

Recommendations

For versions prior to 14.20.1, update to version 14.20.1 or later.
For versions prior to 16.17.1, update to version 16.17.1 or later.
For versions prior to 18.9.1, update to version 18.9.1 or later.

Exploit

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

ALSA-2022:6448
ALSA-2022:6595
ALT-PU-2022-2226
ALT-PU-2022-3073
ALT-PU-2022-3235
AZL-10153
AZL-41446
BIT-NODE-2022-32215
BIT-NODE-MIN-2022-32215
CESA-2022_6448
CESA-2022_6449
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2022-32215
DSA-5326-1
MGASA-2022-0294
OESA-2023-1551
OPENSUSE-SU-2022_2425-1
OPENSUSE-SU-2022_2430-1
OPENSUSE-SU-2022_2491-1
OPENSUSE-SU-2022_2551-1
OPENSUSE-SU-2022_2855-1
OPENSUSE-SU-2022_3615-1
OPENSUSE-SU-2022_3656-1
OPENSUSE-SU-2023_0419-1
OPENSUSE-SU-2024:12370-1
OPENSUSE-SU-2024:12376-1
RHSA-2022:6389
RHSA-2022:6448
RHSA-2022:6449
RHSA-2022:6595
RHSA-2022:6985
RHSA-2022_6448
RHSA-2022_6449
RHSA-2022_6595
RLSA-2022:6448
RLSA-2022:6449
RLSA-2022:6595
SUSE-SU-2022:2415-1
SUSE-SU-2022:2416-1
SUSE-SU-2022:2417-1
SUSE-SU-2022:2425-1
SUSE-SU-2022:2430-1
SUSE-SU-2022:2491-1
SUSE-SU-2022:2551-1
SUSE-SU-2022:2855-1
SUSE-SU-2022:3524-1
SUSE-SU-2022:3615-1
SUSE-SU-2022:3656-1
SUSE-SU-2023:0408-1
SUSE-SU-2023:0419-1
USN-6491-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Node.js
Red Hat
Rocky Linux
SUSE
Ubuntu