CVE-2022-32213

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-32213

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32213.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-32213

Aliases

Downstream

ALPINE-CVE-2022-32213

BELL-CVE-2022-32213

DEBIAN-CVE-2022-32213

DSA-5326-1

OESA-2023-1551

RHSA-2022:6389

RHSA-2022:6448

RHSA-2022:6449

RHSA-2022:6595

RHSA-2022:6985

RLSA-2022:6448

RLSA-2022:6449

RLSA-2022:6595

SUSE-SU-2022:2415-1

SUSE-SU-2022:2416-1

SUSE-SU-2022:2417-1

SUSE-SU-2022:2425-1

SUSE-SU-2022:2430-1

SUSE-SU-2022:2491-1

SUSE-SU-2022:2551-1

SUSE-SU-2022:2855-1

SUSE-SU-2022:3503-1

SUSE-SU-2022:3516-1

SUSE-SU-2022:3524-1

SUSE-SU-2022:3614-1

SUSE-SU-2022:3615-1

SUSE-SU-2022:3616-1

SUSE-SU-2022:3656-1

SUSE-SU-2022:3835-1

SUSE-SU-2023:0408-1

SUSE-SU-2023:0419-1

UBUNTU-CVE-2022-32213

USN-6491-1

openSUSE-SU-2024:12199-1

openSUSE-SU-2024:12349-1

openSUSE-SU-2024:12408-1

openSUSE-SU-2025:15095-1

Related

Published

2022-07-14T15:15:08.287Z

Modified

2026-02-11T07:41:47.905948Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

References

Affected packages

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Fixed

41c3e6661fba463694abb2f2984ffd258393f059

Introduced

1c0a2efa5eac05dfd3b7d2b9cfe68e02da55b966

Fixed

51e1504558785e87360fe93a9178608551960ea1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32213.json"