llhttp@6.0.9.0 vulnerabilities

llhttp in python

latest version

6.0.9.0
first published

4 years ago
latest version published

2 years ago
licenses detected
- MIT
  [0,)
View llhttp package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the llhttp package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M HTTP Request Smuggling llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js. Affected versions of this package are vulnerable to HTTP Request Smuggling. when the `llhttp` parser in the http module does not adequately delimit HTTP requests with CRLF sequences. How to fix HTTP Request Smuggling? There is no fixed version for `llhttp`.	[0,)
M HTTP Request Smuggling llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js. Affected versions of this package are vulnerable to HTTP Request Smuggling. The `llhttp` parser in the http module does not correctly handle multi-line Transfer-Encoding headers. How to fix HTTP Request Smuggling? There is no fixed version for `llhttp`.	[0,)
M HTTP Request Smuggling llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js. Affected versions of this package are vulnerable to HTTP Request Smuggling when the `llhttp` parser in the `http` module does not correctly parse and validate `Transfer-Encoding` headers. How to fix HTTP Request Smuggling? A fix was pushed into the `master` branch but not yet published.	[0,)
M HTTP Request Smuggling llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js. Affected versions of this package are vulnerable to HTTP Request Smuggling via `llhttp`. The parse ignores chunk extensions when parsing the body of chunked requests. How to fix HTTP Request Smuggling? There is no fixed version for `llhttp`.	[0,)
M HTTP Request Smuggling llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js. Affected versions of this package are vulnerable to HTTP Request Smuggling via `llhttp`. The HTTP parser accepts requests with a space (`SP`) right after the header name before the colon. How to fix HTTP Request Smuggling? There is no fixed version for `llhttp`.	[0,)

Go back to all versions of this package

llhttp@6.0.9.0 vulnerabilities

llhttp in python

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities