Your submission was sent successfully! Close

CVE-2021-22959

Published: 15 November 2021

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
nodejs
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Needs triage

upstream
Released (12.22.7~dfsg-1)
xenial Ignored
(out of standard support)