Llhttp
By the Year
In 2024 there have been 0 vulnerabilities in Llhttp . Llhttp did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 4 | 6.50 |
| 2021 | 2 | 6.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Llhttp vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Llhttp Security Vulnerabilities
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF
CVE-2022-35256
6.5 - Medium
- December 05, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
HTTP Request Smuggling
The llhttp parser <v14.20.1
CVE-2022-32215
6.5 - Medium
- July 14, 2022
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
HTTP Request Smuggling
The llhttp parser <v14.20.1
CVE-2022-32214
6.5 - Medium
- July 14, 2022
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
HTTP Request Smuggling
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and
CVE-2022-32213
6.5 - Medium
- July 14, 2022
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
HTTP Request Smuggling
The parser in accepts requests with a space (SP) right after the header name before the colon
CVE-2021-22959
6.5 - Medium
- November 15, 2021
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
HTTP Request Smuggling
The parse function in llhttp < 2.1.4 and < 6.0.6
CVE-2021-22960
6.5 - Medium
- November 03, 2021
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
HTTP Request Smuggling
