The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
{ "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libnode-dev", "binary_version": "12.22.9~dfsg-1ubuntu3.2" }, { "binary_name": "libnode72", "binary_version": "12.22.9~dfsg-1ubuntu3.2" }, { "binary_name": "libnode72-dbgsym", "binary_version": "12.22.9~dfsg-1ubuntu3.2" }, { "binary_name": "nodejs", "binary_version": "12.22.9~dfsg-1ubuntu3.2" }, { "binary_name": "nodejs-dbgsym", "binary_version": "12.22.9~dfsg-1ubuntu3.2" }, { "binary_name": "nodejs-doc", "binary_version": "12.22.9~dfsg-1ubuntu3.2" } ], "availability": "No subscription required" }