VDB
CVE-2022-45094
CVE-2022-45094
PUBLISHED
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
EPSS 2.74% · 86.2th percentile
Risk Scores
EPSS Score
2.74%
86.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NodeJS | Node | 4.0, 7.0, 9.0 |
Timeline
- Jan 10, 2023 CVE Published
- Jan 11, 2023 EPSS Score
- Feb 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
- Aug 3, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Dec 3, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 23, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-936212.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-482757.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-332410.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-476715.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-431678.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-997779.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-592007.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-349422.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-496604.html advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ url
- https://hackerone.com/reports/1524555 url
- FEDORA-2022-52dec6351a vendor-advisory
- FEDORA-2022-1667f7b60a vendor-advisory
- FEDORA-2022-de515f765f vendor-advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf url
- DSA-5326 vendor-advisory