Llhttp
CVE-2021-22959
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
AnalysisAI
The parser in accepts requests with a space (SP) right after the header name before the colon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. Affected products include: Llhttp, Oracle Graalvm, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated wit
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line T
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequenc
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate
The parse function in llhttp < 2.1.4 and < 6.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely explo
Same weakness CWE-444 – HTTP Request/Response Smuggling
View allSame technique Request Smuggling
View allShare
External POC / Exploit Code
Leaving vuln.today