CVE-2022-35256 Vulnerability Details
/
/
/
CVE-2022-35256 Metadata Quick Info
CVE Published: 05/12/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022
Source: hackerone |
Vendor: n/a |
Product: https://github.com/nodejs/node
Status : PUBLISHED
CVE-2022-35256 Description
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID: CWE-444
CWE Name: HTTP Request Smuggling (CWE-444)
Source: n/a
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description: