Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/265399?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/265399?format=api", "purl": "pkg:npm/llhttp@1.0.1", "type": "npm", "namespace": "", "name": "llhttp", "version": "1.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53859?format=api", "vulnerability_id": "VCID-8c4g-fjsa-nkhw", "summary": "llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields\nThe llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.97303", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.97301", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.973", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.97298", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.97296", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97619", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb" }, { "reference_url": "https://hackerone.com/reports/1524692", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1524692" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428", "reference_id": "2105428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428" }, { "reference_url": "https://github.com/advisories/GHSA-q5vx-44v4-gch4", "reference_id": "GHSA-q5vx-44v4-gch4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5vx-44v4-gch4" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81400?format=api", "purl": "pkg:npm/llhttp@6.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/llhttp@6.0.7" } ], "aliases": [ "CVE-2022-32214", "GHSA-q5vx-44v4-gch4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53933?format=api", "vulnerability_id": "VCID-b54b-pd2b-bygm", "summary": "llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding\nThe llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).\n\nImpacts:\n\n- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.\n- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99508", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99507", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99506", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99504", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.9956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99558", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99557", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32213" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb" }, { "reference_url": "https://hackerone.com/reports/1524555", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1524555" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430", "reference_id": "2105430", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430" }, { "reference_url": "https://github.com/advisories/GHSA-5689-v88g-g6rv", "reference_id": "GHSA-5689-v88g-g6rv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5689-v88g-g6rv" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81400?format=api", "purl": "pkg:npm/llhttp@6.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/llhttp@6.0.7" } ], "aliases": [ "CVE-2022-32213", "GHSA-5689-v88g-g6rv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62479?format=api", "vulnerability_id": "VCID-dfdy-vhdd-5kh4", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03611", "scoring_system": "epss", "scoring_elements": "0.87819", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03611", "scoring_system": "epss", "scoring_elements": "0.87822", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88361", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88358", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88357", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88374", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.8832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88339", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1675191", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/" } ], "url": "https://hackerone.com/reports/1675191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518", "reference_id": "2130518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "reference_id": "CVE-2022-35256", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6963", "reference_id": "RHSA-2022:6963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6964", "reference_id": "RHSA-2022:6964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7821", "reference_id": "RHSA-2022:7821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0321", "reference_id": "RHSA-2023:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-35256" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdy-vhdd-5kh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11561?format=api", "vulnerability_id": "VCID-gwyr-ac4e-dqfa", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43652", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43657", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43756", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43779", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43746", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43783", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43715", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1238709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1238709" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057", "reference_id": "2014057", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057" }, { "reference_url": "https://security.archlinux.org/ASA-202110-4", "reference_id": "ASA-202110-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-4" }, { "reference_url": "https://security.archlinux.org/AVG-2460", "reference_id": "AVG-2460", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959", "reference_id": "CVE-2021-22959", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5171", "reference_id": "RHSA-2021:5171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41717?format=api", "purl": "pkg:npm/llhttp@2.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/llhttp@2.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/41718?format=api", "purl": "pkg:npm/llhttp@6.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/llhttp@6.0.6" } ], "aliases": [ "CVE-2021-22959" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11473?format=api", "vulnerability_id": "VCID-tnhd-rr89-9udh", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45642", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.456", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45651", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.4566", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45751", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45721", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45779", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45773", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.4572", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1238099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1238099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059", "reference_id": "2014059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059" }, { "reference_url": "https://security.archlinux.org/ASA-202110-4", "reference_id": "ASA-202110-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-4" }, { "reference_url": "https://security.archlinux.org/AVG-2460", "reference_id": "AVG-2460", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960", "reference_id": "CVE-2021-22960", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5171", "reference_id": "RHSA-2021:5171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [], "aliases": [ "CVE-2021-22960" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18167?format=api", "vulnerability_id": "VCID-zstw-3wmu-u3c8", "summary": "llhttp vulnerable to HTTP request smuggling\nThe llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).\n\nThe CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83384", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83382", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83349", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83348", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83317", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83323", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83308", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83276", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83375", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83351", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp" }, { "reference_url": "https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1" }, { "reference_url": "https://hackerone.com/reports/2001873", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/2001873" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230803-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230803-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219841", "reference_id": "2219841", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219841" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30589", "reference_id": "CVE-2023-30589", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30589" }, { "reference_url": "https://github.com/advisories/GHSA-cggh-pq45-6h9x", "reference_id": "GHSA-cggh-pq45-6h9x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cggh-pq45-6h9x" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6735-1/", "reference_id": "USN-6735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6735-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58540?format=api", "purl": "pkg:npm/llhttp@8.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/llhttp@8.1.1" } ], "aliases": [ "CVE-2023-30589", "GHSA-cggh-pq45-6h9x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/llhttp@1.0.1" }