Wind River Support Network

HomeDefectsLIN1022-1871
Fixed

LIN1022-1871 : Security Advisory - nodejs - CVE-2022-35256

Created: Sep 23, 2022    Updated: Jan 15, 2023
Resolved Date: Jan 3, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.4
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

https://nvd.nist.gov/vuln/detail/CVE-2022-35256

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube