Shodan
Vulnerabilities
Vulnerable Software
Llhttp:  >> Llhttp  >> 1.1.1  Security Vulnerabilities
CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
CVSS Score
6.5
EPSS Score
0.036
Published
2022-12-05
CVE-2022-32213
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVSS Score
6.5
EPSS Score
0.885
Published
2022-07-14
CVE-2022-32214
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
CVSS Score
6.5
EPSS Score
0.393
Published
2022-07-14
CVE-2021-22959
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-11-15
CVE-2021-22960
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved