HTTP Request Smuggling Affecting llhttp package, versions >=0.0.0

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-RUBY-LLHTTP-2946725
published

10 Jul 2022
disclosed

10 Jul 2022
credit

Zeyu Zhang

Report a new vulnerability Found a mistake?

Introduced: 10 Jul 2022

CVE-2022-32214 Open this link in a new tab CWE-444 Open this link in a new tab

How to fix?

There is no fixed version for llhttp.

Overview

llhttp is a set of Ruby bindings for llhttp.

Affected versions of this package are vulnerable to HTTP Request Smuggling. when the llhttp parser in the http module does not adequately delimit HTTP requests with CRLF sequences.

References

GitHub Commit
GitHub Commit
GitHub Commit
Nodejs Blog

HTTP Request Smuggling Affecting llhttp package, versions >=0.0.0

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 10 Jul 2022

How to fix?

Overview

References