RSS   Vulnerabilities for 'Llhttp'   RSS

2021-11-15
 
CVE-2021-22959

CWE-444
 

 
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.

 
2021-11-03
 
CVE-2021-22960

CWE-444
 

 
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

 


Copyright 2024, cxsecurity.com

 

Back to Top