The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
{ "cpes": [ "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" ], "severity": "Medium" }