CVE-2022-32215

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-32215

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32215.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-32215

Aliases

Downstream

ALPINE-CVE-2022-32215

DEBIAN-CVE-2022-32215

DSA-5326-1

OESA-2023-1551

RHSA-2022:6389

RHSA-2022:6448

RHSA-2022:6449

RHSA-2022:6595

RHSA-2022:6985

SUSE-SU-2022:2415-1

SUSE-SU-2022:2416-1

SUSE-SU-2022:2417-1

SUSE-SU-2022:2425-1

SUSE-SU-2022:2430-1

SUSE-SU-2022:2491-1

SUSE-SU-2022:2551-1

SUSE-SU-2022:2855-1

SUSE-SU-2022:3524-1

SUSE-SU-2022:3615-1

SUSE-SU-2022:3656-1

SUSE-SU-2023:0408-1

SUSE-SU-2023:0419-1

UBUNTU-CVE-2022-32215

USN-6491-1

openSUSE-SU-2024:12370-1

openSUSE-SU-2024:12376-1

Related

Published

2022-07-14T15:15:08Z

Modified

2025-09-30T07:57:15.234178Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

73aa21658dfa6a22c06451d080152b32b1f98dbe

Fixed

c11b8215bd6388854efcc9302a7383c8c63b8127

Affected versions

v14.*

v14.0.0

v14.1.0

v14.10.0

v14.10.1

v14.11.0

v14.12.0

v14.13.0

v14.13.1

v14.14.0

v14.15.0

v14.15.1

v14.15.2

v14.15.3

v14.15.4

v14.15.5

v14.16.0

v14.16.1

v14.17.0

v14.17.1

v14.17.2

v14.17.3

v14.17.4

v14.17.5

v14.17.6

v14.18.0

v14.18.1

v14.18.2

v14.18.3

v14.19.0

v14.19.1

v14.19.2

v14.19.3

v14.2.0

v14.20.0

v14.3.0

v14.4.0

v14.5.0

v14.6.0

v14.7.0

v14.8.0

v14.9.0