Lucene search
HackeroneCVELIST:CVE-2021-22959HistoryNov 15, 2021 - 2:45 p.m.
CVE-2021-22959
2021-11-1514:45:16
CWE-444
hackerone
www.cve.org
6
parser
llhttp
requests
space
colon
http request smuggling
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
CNA Affected
[
{
"product": "https://github.com/nodejs/llhttp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in llhttp v2.1.4 and v6.0.6"
}
]
}
]Related
ibm
ibm
nvd
nvd
CVE-2021-22959
2021-11-15 15:15:06
cve
cve
CVE-2021-22959
2021-11-15 15:15:06
veracode
veracode
HTTP Request Smuggling (HRS)
2021-10-13 17:26:57
redhatcve
redhatcve
CVE-2021-22959
2021-10-14 12:15:38
hackerone
hackerone
Node.js: HTTP Request Smuggling due to accepting space before colon
2021-06-20 11:10:00
ubuntucve
ubuntucve
CVE-2021-22959
2021-11-15 00:00:00
prion
prion
Design/Logic Flaw
2021-11-15 15:15:00
debiancve
debiancve
CVE-2021-22959
2021-11-15 15:15:06
osv
osv
CVE-2021-22959
2021-11-15 15:15:06
corepack16-16.13.0-1.1 on GA media
2024-06-15 00:00:00
nodejs14-14.18.1-1.1 on GA media
2024-06-15 00:00:00
alpinelinux
alpinelinux
CVE-2021-22959
2021-11-15 15:15:06
fedora
fedora
[SECURITY] Fedora 35 Update: nodejs-16.11.1-1.fc35
2021-10-29 23:27:03
[SECURITY] Fedora 33 Update: nodejs-14.18.1-1.fc33
2021-10-23 03:25:54
[SECURITY] Fedora 34 Update: nodejs-14.18.1-1.fc34
2021-10-23 03:22:47
nessus
nessus
openvas
openvas
Fedora: Security Advisory for nodejs (FEDORA-2021-9818cabe0d)
2021-10-30 00:00:00
Mageia: Security Advisory (MGASA-2021-0592)
2022-01-28 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2021-cbad295a90)
2021-10-24 00:00:00
archlinux
archlinux
[ASA-202110-4] nodejs: url request injection
2021-10-21 00:00:00
[ASA-202110-6] nodejs-lts-erbium: multiple issues
2021-10-21 00:00:00
[ASA-202110-5] nodejs-lts-fermium: multiple issues
2021-10-21 00:00:00
freebsd
freebsd
Node.js -- October 2021 Security Releases
2021-10-12 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2021-12-30 19:41:51
nodejsblog
nodejsblog
October 12th 2021 Security Releases
2021-10-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.18.2-alt1
2021-12-23 00:00:00
redhat
redhat
debian
debian
[SECURITY] [DSA 5170-1] nodejs security update
2022-06-27 18:43:09
suse
suse
Security update for nodejs14 (important)
2021-12-10 00:00:00
Security update for nodejs12 (important)
2021-12-06 00:00:00
Security update for nodejs14 (important)
2021-12-07 00:00:00
oraclelinux
oraclelinux
nodejs:16 security, bug fix, and enhancement update
2021-12-16 00:00:00
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
rocky
rocky
nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
12 bug fix and enhancement update
2022-06-21 11:47:44
almalinux
almalinux
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00