DEBIAN-CVE-2022-35256
PUBLISHED
CVSS 6.5 MEDIUM
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | nodejs | 12.22.7, 0, 12.21.0 |
| Debian | nodejs | |
| Debian:13 | nodejs | 0, 0, 0 |
| Debian:12 | nodejs | 0, 0, 0 |
| Debian:14 | nodejs | 0, 0, 0 |
Timeline
- Dec 5, 2022 CVE Published
- Apr 28, 2026 CVE Updated