Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
Typedeb
Namespacedebian
Namellhttp
Version9.3.3~really9.3.0+~cs12.11.8-4
Qualifiers
distro sid
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8c4g-fjsa-nkhw
vulnerability_id VCID-8c4g-fjsa-nkhw
summary 
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-32214
reference_id
reference_type
scores
0
value 0.39294
scoring_system epss
scoring_elements 0.973
published_at 2026-04-21T12:55:00Z
1
value 0.39294
scoring_system epss
scoring_elements 0.97296
published_at 2026-04-16T12:55:00Z
2
value 0.39294
scoring_system epss
scoring_elements 0.97298
published_at 2026-04-18T12:55:00Z
3
value 0.45841
scoring_system epss
scoring_elements 0.97608
published_at 2026-04-02T12:55:00Z
4
value 0.45841
scoring_system epss
scoring_elements 0.97622
published_at 2026-04-11T12:55:00Z
5
value 0.45841
scoring_system epss
scoring_elements 0.97619
published_at 2026-04-09T12:55:00Z
6
value 0.45841
scoring_system epss
scoring_elements 0.97617
published_at 2026-04-08T12:55:00Z
7
value 0.45841
scoring_system epss
scoring_elements 0.97612
published_at 2026-04-07T12:55:00Z
8
value 0.45841
scoring_system epss
scoring_elements 0.97611
published_at 2026-04-04T12:55:00Z
9
value 0.45841
scoring_system epss
scoring_elements 0.97625
published_at 2026-04-13T12:55:00Z
10
value 0.45841
scoring_system epss
scoring_elements 0.97624
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-32214
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
9
reference_url https://datatracker.ietf.org/doc/html/rfc7230#section-3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://datatracker.ietf.org/doc/html/rfc7230#section-3
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
12
reference_url https://hackerone.com/reports/1524692
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1524692
13
reference_url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
14
reference_url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-32214
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-32214
16
reference_url https://security.netapp.com/advisory/ntap-20220915-0001
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220915-0001
17
reference_url https://security.netapp.com/advisory/ntap-20220915-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220915-0001/
18
reference_url https://www.debian.org/security/2023/dsa-5326
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5326
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2105428
reference_id 2105428
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2105428
20
reference_url https://github.com/advisories/GHSA-q5vx-44v4-gch4
reference_id GHSA-q5vx-44v4-gch4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q5vx-44v4-gch4
21
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
22
reference_url https://access.redhat.com/errata/RHSA-2022:6389
reference_id RHSA-2022:6389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6389
23
reference_url https://access.redhat.com/errata/RHSA-2022:6448
reference_id RHSA-2022:6448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6448
24
reference_url https://access.redhat.com/errata/RHSA-2022:6449
reference_id RHSA-2022:6449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6449
25
reference_url https://access.redhat.com/errata/RHSA-2022:6595
reference_id RHSA-2022:6595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6595
26
reference_url https://access.redhat.com/errata/RHSA-2022:6985
reference_id RHSA-2022:6985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6985
27
reference_url https://usn.ubuntu.com/6491-1/
reference_id USN-6491-1
reference_type
scores
url https://usn.ubuntu.com/6491-1/
fixed_packages
0
url pkg:deb/debian/llhttp@0?distro=sid
purl pkg:deb/debian/llhttp@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@0%3Fdistro=sid
1
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-3%3Fdistro=sid
2
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid
aliases CVE-2022-32214, GHSA-q5vx-44v4-gch4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw
1
url VCID-b54b-pd2b-bygm
vulnerability_id VCID-b54b-pd2b-bygm
summary 
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

Impacts:

- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.
- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-32213
reference_id
reference_type
scores
0
value 0.88458
scoring_system epss
scoring_elements 0.99505
published_at 2026-04-21T12:55:00Z
1
value 0.88458
scoring_system epss
scoring_elements 0.99504
published_at 2026-04-16T12:55:00Z
2
value 0.89626
scoring_system epss
scoring_elements 0.99561
published_at 2026-04-13T12:55:00Z
3
value 0.89626
scoring_system epss
scoring_elements 0.9956
published_at 2026-04-12T12:55:00Z
4
value 0.89626
scoring_system epss
scoring_elements 0.99559
published_at 2026-04-07T12:55:00Z
5
value 0.89626
scoring_system epss
scoring_elements 0.99558
published_at 2026-04-04T12:55:00Z
6
value 0.89626
scoring_system epss
scoring_elements 0.99557
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-32213
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
12
reference_url https://hackerone.com/reports/1524555
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1524555
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/
19
reference_url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
20
reference_url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-32213
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-32213
22
reference_url https://security.netapp.com/advisory/ntap-20220915-0001
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220915-0001
23
reference_url https://security.netapp.com/advisory/ntap-20220915-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220915-0001/
24
reference_url https://www.debian.org/security/2023/dsa-5326
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5326
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2105430
reference_id 2105430
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2105430
26
reference_url https://github.com/advisories/GHSA-5689-v88g-g6rv
reference_id GHSA-5689-v88g-g6rv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5689-v88g-g6rv
27
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
28
reference_url https://access.redhat.com/errata/RHSA-2022:6389
reference_id RHSA-2022:6389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6389
29
reference_url https://access.redhat.com/errata/RHSA-2022:6448
reference_id RHSA-2022:6448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6448
30
reference_url https://access.redhat.com/errata/RHSA-2022:6449
reference_id RHSA-2022:6449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6449
31
reference_url https://access.redhat.com/errata/RHSA-2022:6595
reference_id RHSA-2022:6595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6595
32
reference_url https://access.redhat.com/errata/RHSA-2022:6985
reference_id RHSA-2022:6985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6985
33
reference_url https://usn.ubuntu.com/6491-1/
reference_id USN-6491-1
reference_type
scores
url https://usn.ubuntu.com/6491-1/
fixed_packages
0
url pkg:deb/debian/llhttp@0?distro=sid
purl pkg:deb/debian/llhttp@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@0%3Fdistro=sid
1
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-3%3Fdistro=sid
2
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid
aliases CVE-2022-32213, GHSA-5689-v88g-g6rv
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm
2
url VCID-dfdy-vhdd-5kh4
vulnerability_id VCID-dfdy-vhdd-5kh4
summary Multiple vulnerabilities have been discovered in Node.js.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35256
reference_id
reference_type
scores
0
value 0.03945
scoring_system epss
scoring_elements 0.88301
published_at 2026-04-02T12:55:00Z
1
value 0.03945
scoring_system epss
scoring_elements 0.88357
published_at 2026-04-21T12:55:00Z
2
value 0.03945
scoring_system epss
scoring_elements 0.8832
published_at 2026-04-07T12:55:00Z
3
value 0.03945
scoring_system epss
scoring_elements 0.88339
published_at 2026-04-08T12:55:00Z
4
value 0.03945
scoring_system epss
scoring_elements 0.88346
published_at 2026-04-09T12:55:00Z
5
value 0.03945
scoring_system epss
scoring_elements 0.88356
published_at 2026-04-11T12:55:00Z
6
value 0.03945
scoring_system epss
scoring_elements 0.88348
published_at 2026-04-13T12:55:00Z
7
value 0.03945
scoring_system epss
scoring_elements 0.88361
published_at 2026-04-16T12:55:00Z
8
value 0.03945
scoring_system epss
scoring_elements 0.88358
published_at 2026-04-18T12:55:00Z
9
value 0.03945
scoring_system epss
scoring_elements 0.88315
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35256
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://hackerone.com/reports/1675191
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/
url https://hackerone.com/reports/1675191
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2130518
reference_id 2130518
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2130518
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35256
reference_id CVE-2022-35256
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-35256
13
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
14
reference_url https://access.redhat.com/errata/RHSA-2022:6963
reference_id RHSA-2022:6963
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6963
15
reference_url https://access.redhat.com/errata/RHSA-2022:6964
reference_id RHSA-2022:6964
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6964
16
reference_url https://access.redhat.com/errata/RHSA-2022:7044
reference_id RHSA-2022:7044
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7044
17
reference_url https://access.redhat.com/errata/RHSA-2022:7821
reference_id RHSA-2022:7821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7821
18
reference_url https://access.redhat.com/errata/RHSA-2022:7830
reference_id RHSA-2022:7830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7830
19
reference_url https://access.redhat.com/errata/RHSA-2023:0321
reference_id RHSA-2023:0321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0321
20
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
21
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
22
reference_url https://usn.ubuntu.com/6491-1/
reference_id USN-6491-1
reference_type
scores
url https://usn.ubuntu.com/6491-1/
fixed_packages
0
url pkg:deb/debian/llhttp@0?distro=sid
purl pkg:deb/debian/llhttp@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@0%3Fdistro=sid
1
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-3%3Fdistro=sid
2
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid
aliases CVE-2022-35256
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdy-vhdd-5kh4
3
url VCID-g9bm-61bn-ryg5
vulnerability_id VCID-g9bm-61bn-ryg5
summary nodejs: Improper HTTP Header Termination in Node.js 20 Enables Request Smuggling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23167.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-23167
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26527
published_at 2026-04-21T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26645
published_at 2026-04-12T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26587
published_at 2026-04-13T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26594
published_at 2026-04-16T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.26566
published_at 2026-04-18T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.2674
published_at 2026-04-02T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26782
published_at 2026-04-04T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.26565
published_at 2026-04-07T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.26633
published_at 2026-04-08T12:55:00Z
9
value 0.00096
scoring_system epss
scoring_elements 0.26684
published_at 2026-04-09T12:55:00Z
10
value 0.00096
scoring_system epss
scoring_elements 0.26689
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-23167
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105919
reference_id 1105919
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105919
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2367167
reference_id 2367167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2367167
5
reference_url https://security.archlinux.org/ASA-202505-8
reference_id ASA-202505-8
reference_type
scores
url https://security.archlinux.org/ASA-202505-8
6
reference_url https://security.archlinux.org/AVG-2873
reference_id AVG-2873
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2873
7
reference_url https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
reference_id may-2025-security-releases
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T15:09:55Z/
url https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
8
reference_url https://access.redhat.com/errata/RHSA-2025:8468
reference_id RHSA-2025:8468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8468
9
reference_url https://access.redhat.com/errata/RHSA-2025:8514
reference_id RHSA-2025:8514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8514
fixed_packages
0
url pkg:deb/debian/llhttp@0?distro=sid
purl pkg:deb/debian/llhttp@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@0%3Fdistro=sid
1
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-3%3Fdistro=sid
2
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid
aliases CVE-2025-23167
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9bm-61bn-ryg5
4
url VCID-wzcw-dd7m-zkaz
vulnerability_id VCID-wzcw-dd7m-zkaz
summary Multiple vulnerabilities have been discovered in Node.js.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-32215
reference_id
reference_type
scores
0
value 0.87391
scoring_system epss
scoring_elements 0.9946
published_at 2026-04-21T12:55:00Z
1
value 0.87391
scoring_system epss
scoring_elements 0.99459
published_at 2026-04-18T12:55:00Z
2
value 0.88764
scoring_system epss
scoring_elements 0.9951
published_at 2026-04-04T12:55:00Z
3
value 0.88764
scoring_system epss
scoring_elements 0.99511
published_at 2026-04-07T12:55:00Z
4
value 0.88764
scoring_system epss
scoring_elements 0.99512
published_at 2026-04-09T12:55:00Z
5
value 0.88764
scoring_system epss
scoring_elements 0.99513
published_at 2026-04-13T12:55:00Z
6
value 0.88764
scoring_system epss
scoring_elements 0.99508
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-32215
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://hackerone.com/reports/1501679
reference_id
reference_type
scores
url https://hackerone.com/reports/1501679
11
reference_url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2105426
reference_id 2105426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2105426
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-32215
reference_id CVE-2022-32215
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-32215
14
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
15
reference_url https://access.redhat.com/errata/RHSA-2022:6389
reference_id RHSA-2022:6389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6389
16
reference_url https://access.redhat.com/errata/RHSA-2022:6448
reference_id RHSA-2022:6448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6448
17
reference_url https://access.redhat.com/errata/RHSA-2022:6449
reference_id RHSA-2022:6449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6449
18
reference_url https://access.redhat.com/errata/RHSA-2022:6595
reference_id RHSA-2022:6595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6595
19
reference_url https://access.redhat.com/errata/RHSA-2022:6985
reference_id RHSA-2022:6985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6985
20
reference_url https://usn.ubuntu.com/6491-1/
reference_id USN-6491-1
reference_type
scores
url https://usn.ubuntu.com/6491-1/
fixed_packages
0
url pkg:deb/debian/llhttp@0?distro=sid
purl pkg:deb/debian/llhttp@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@0%3Fdistro=sid
1
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-3%3Fdistro=sid
2
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid
aliases CVE-2022-32215
risk_score 10.0
exploitability 2.0
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcw-dd7m-zkaz
5
url VCID-zstw-3wmu-u3c8
vulnerability_id VCID-zstw-3wmu-u3c8
summary 
llhttp vulnerable to HTTP request smuggling
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30589
reference_id
reference_type
scores
0
value 0.01916
scoring_system epss
scoring_elements 0.83351
published_at 2026-04-21T12:55:00Z
1
value 0.01916
scoring_system epss
scoring_elements 0.83349
published_at 2026-04-18T12:55:00Z
2
value 0.01916
scoring_system epss
scoring_elements 0.83275
published_at 2026-04-07T12:55:00Z
3
value 0.01916
scoring_system epss
scoring_elements 0.83348
published_at 2026-04-16T12:55:00Z
4
value 0.01916
scoring_system epss
scoring_elements 0.83313
published_at 2026-04-13T12:55:00Z
5
value 0.01916
scoring_system epss
scoring_elements 0.83317
published_at 2026-04-12T12:55:00Z
6
value 0.01916
scoring_system epss
scoring_elements 0.83323
published_at 2026-04-11T12:55:00Z
7
value 0.01916
scoring_system epss
scoring_elements 0.83308
published_at 2026-04-09T12:55:00Z
8
value 0.01916
scoring_system epss
scoring_elements 0.83299
published_at 2026-04-08T12:55:00Z
9
value 0.01916
scoring_system epss
scoring_elements 0.83261
published_at 2026-04-02T12:55:00Z
10
value 0.01916
scoring_system epss
scoring_elements 0.83276
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30589
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/nodejs/llhttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/llhttp
5
reference_url https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1
6
reference_url https://hackerone.com/reports/2001873
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/2001873
7
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76
14
reference_url https://security.netapp.com/advisory/ntap-20230803-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230803-0009
15
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id 1039990
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2219841
reference_id 2219841
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2219841
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30589
reference_id CVE-2023-30589
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30589
19
reference_url https://github.com/advisories/GHSA-cggh-pq45-6h9x
reference_id GHSA-cggh-pq45-6h9x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cggh-pq45-6h9x
20
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
21
reference_url https://access.redhat.com/errata/RHSA-2023:4330
reference_id RHSA-2023:4330
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4330
22
reference_url https://access.redhat.com/errata/RHSA-2023:4331
reference_id RHSA-2023:4331
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4331
23
reference_url https://access.redhat.com/errata/RHSA-2023:4536
reference_id RHSA-2023:4536
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4536
24
reference_url https://access.redhat.com/errata/RHSA-2023:4537
reference_id RHSA-2023:4537
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4537
25
reference_url https://access.redhat.com/errata/RHSA-2023:5361
reference_id RHSA-2023:5361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5361
26
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
27
reference_url https://usn.ubuntu.com/6735-1/
reference_id USN-6735-1
reference_type
scores
url https://usn.ubuntu.com/6735-1/
fixed_packages
0
url pkg:deb/debian/llhttp@0?distro=sid
purl pkg:deb/debian/llhttp@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@0%3Fdistro=sid
1
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-3%3Fdistro=sid
2
url pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
purl pkg:deb/debian/llhttp@9.3.3~really9.3.0%2B~cs12.11.8-4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid
aliases CVE-2023-30589, GHSA-cggh-pq45-6h9x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/llhttp@9.3.3~really9.3.0%252B~cs12.11.8-4%3Fdistro=sid