A security issue has been found in Node.js prior to 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
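As an added example (not code from Node.js or llhttp), the following JavaScript shows a strict parse of a chunk-size line that validates chunk extensions against the RFC 7230 grammar instead of skipping over them. The function name `parseChunkHeader`, the 8-hex-digit size limit and the sample inputs are assumptions made for illustration.

```javascript
'use strict';
// Added illustration, not llhttp or Node.js source. Names and limits are assumptions.

// token (RFC 7230 section 3.2.6): one or more tchar
const TOKEN = "[!#$%&'*+\\-.^_`|~0-9A-Za-z]+";
// quoted-string: DQUOTE *( qdtext / quoted-pair ) DQUOTE; CR and LF never match
const QUOTED =
  '"(?:[\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*"';
// chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
const CHUNK_EXT = new RegExp(`^(?:;${TOKEN}(?:=(?:${TOKEN}|${QUOTED}))?)*$`);

/**
 * Parse the chunk-size line at the start of `buf` (a Buffer).
 * Returns { size, ext, headerLength }, or throws if any byte before the
 * terminating CRLF falls outside the grammar. Nothing is silently skipped.
 */
function parseChunkHeader(buf) {
  const end = buf.indexOf('\r\n');
  if (end === -1) throw new Error('incomplete chunk header');
  const line = buf.toString('latin1', 0, end); // one char per byte
  // Assumed limit: at most 8 hex digits so the size cannot overflow.
  const m = /^([0-9A-Fa-f]{1,8})([^]*)$/.exec(line);
  if (!m) throw new Error('invalid chunk size');
  if (!CHUNK_EXT.test(m[2])) throw new Error('invalid chunk extension');
  return { size: parseInt(m[1], 16), ext: m[2], headerLength: end + 2 };
}

// Constructed sample chunk-size lines: two well-formed, three malformed.
const samples = [
  '5\r\nhello\r\n',
  '1a;name=value;q="a b"\r\n',
  '5;bad name\r\n',
  '5;q="unterminated\r\n',
  'zz\r\n',
];
for (const s of samples) {
  try {
    console.log(JSON.stringify(s), '->', parseChunkHeader(Buffer.from(s, 'latin1')));
  } catch (e) {
    console.log(JSON.stringify(s), '-> rejected:', e.message);
  }
}
```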
| Vulnerable Product |
|---|
| llhttp llhttp |
| oracle graalvm 21.3.0 |
| oracle graalvm 20.3.4 |
| debian debian linux 11.0 |