Homepage

llhttp@9.3.0.0 vulnerabilities

llhttp in python

  • latest version

    9.3.0.0

  • first published

    5 years ago

  • latest version published

    3 months ago

  • licenses detected

  • View llhttp package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the llhttp package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    HTTP Request Smuggling

    llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js.

    Affected versions of this package are vulnerable to HTTP Request Smuggling. when the llhttp parser in the http module does not adequately delimit HTTP requests with CRLF sequences.

    How to fix HTTP Request Smuggling?

    There is no fixed version for llhttp.

    [0,)
    • M
    HTTP Request Smuggling

    llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js.

    Affected versions of this package are vulnerable to HTTP Request Smuggling. The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers.

    How to fix HTTP Request Smuggling?

    There is no fixed version for llhttp.

    [0,)
    • M
    HTTP Request Smuggling

    llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js.

    Affected versions of this package are vulnerable to HTTP Request Smuggling when the llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers.

    How to fix HTTP Request Smuggling?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    HTTP Request Smuggling

    llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js.

    Affected versions of this package are vulnerable to HTTP Request Smuggling via llhttp. The HTTP parser accepts requests with a space (SP) right after the header name before the colon.

    How to fix HTTP Request Smuggling?

    There is no fixed version for llhttp.

    [0,)
    • M
    HTTP Request Smuggling

    llhttp is a simple Python wrapper around llhttp, the HTTP parser for Node.js.

    Affected versions of this package are vulnerable to HTTP Request Smuggling via llhttp. The parse ignores chunk extensions when parsing the body of chunked requests.

    How to fix HTTP Request Smuggling?

    There is no fixed version for llhttp.

    [0,)
    Go back to all versions of this package