CVE-2022-32215

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-32215
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32215.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-32215
Aliases
Downstream
Related
Published
2022-07-14T15:15:08.387Z
Modified
2026-04-16T04:32:18.236004813Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

References

Affected packages

Git / github.com/nodejs/llhttp

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/llhttp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2a48d50c18805d668c09860e26203247c050f8fc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2a48d50c18805d668c09860e26203247c050f8fc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-sp1"
        }
    ]
}
Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Fixed
c11b8215bd6388854efcc9302a7383c8c63b8127
Introduced
7162e686b18d22b4385fa5c04274fb04dbd810c7
Fixed
6b06e89c7dfccec6792008302af1cee57649445c
Introduced
49a77a5a996a49e8cb728eed42e55a7c1a9eef6e
Fixed
df3ed1e89299e4c8f006fc20e22265a889c97919
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Last affected
354b6a93bd1d66f1833489d6fe01a2b0e8f6aff9
Introduced
c1da528bc25c9cc5a8240a7b4f136f5968f6e113
Fixed
50871b58d79c2493df7ed594d543df8a4162f4a4
Introduced
7162e686b18d22b4385fa5c04274fb04dbd810c7
Last affected
49415500bb1bf51a1fade5ea2d03f3988ecabc25
Introduced
40ecd5601193c316e62e9216e8a4259130686208
Fixed
c98901f00d4b31a9a4b14d161177a7d9a64e36f7
Introduced
49a77a5a996a49e8cb728eed42e55a7c1a9eef6e
Fixed
0a18e136b4a1e860bb2befcbd1f78661ed5fb5e7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b65a11e072cf751d8c2a9699451ef80022d4ffbc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cea049bcf8bb0f9a6e0095dbd5dffdb14dc8f71b
Database specific 
{
    "versions": [
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.20.1"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.17.1"
        },
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.9.1"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.14.0"
        },
        {
            "introduced": "14.15.0"
        },
        {
            "fixed": "14.20.0"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "last_affected": "16.12.0"
        },
        {
            "introduced": "16.13.0"
        },
        {
            "fixed": "16.16.0"
        },
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-sp2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v11.*
v11.0.0
v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.15.1
v14.15.2
v14.15.3
v14.15.4
v14.15.5
v14.16.0
v14.16.1
v14.17.0
v14.17.1
v14.17.2
v14.17.3
v14.17.4
v14.17.5
v14.17.6
v14.18.0
v14.18.1
v14.18.2
v14.18.3
v14.19.0
v14.19.1
v14.19.2
v14.19.3
v14.2.0
v14.20.0
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v16.*
v16.0.0
v16.1.0
v16.10.0
v16.11.0
v16.11.1
v16.12.0
v16.13.0
v16.13.1
v16.13.2
v16.14.0
v16.14.1
v16.14.2
v16.15.0
v16.15.1
v16.16.0
v16.17.0
v16.2.0
v16.3.0
v16.4.0
v16.4.1
v16.4.2
v16.5.0
v16.6.0
v16.6.1
v16.6.2
v16.7.0
v16.8.0
v16.9.0
v16.9.1
v18.*
v18.0.0
v18.1.0
v18.2.0
v18.3.0
v18.4.0
v18.5.0
v18.6.0
v18.7.0
v18.8.0
v18.9.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32215.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "3.3.2"
            }
        ]
    }
]