The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). (CVE-2022-32215)
Impact
For products with Nonein the Versions known to be vulnerable column, there is no impact.
For products with ****** in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip spk | eq |