Wind River Support Network

HomeDefectsLIN1022-891
Fixed

LIN1022-891 : Security Advisory - nodejs - CVE-2022-32214

Created: Jul 11, 2022    Updated: Jan 15, 2023
Resolved Date: Jan 3, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.4
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

https://nvd.nist.gov/vuln/detail/CVE-2022-32214

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube