Back to search
CVE-2021-22959
Published: Nov 15, 2021
Modified: Apr 30, 2025
PUBLISHED
Description
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
| Vendor | Product | Versions |
|---|---|---|
NodeJS | Node | affected 4.0 - < 4.*affected 5.0 - < 5.*affected 6.0 - < 6.*affected 7.0 - < 7.*affected 8.0 - < 8.*+8 more versions |
Weaknesses (CWE)
References
https://hackerone.com/reports/1238709
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
DSA-5170
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now