Search for packages
| purl | pkg:npm/llhttp@3.0.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ja9y-54rf-aaab
Aliases: CVE-2021-22959 |
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. |
Affected by 0 other vulnerabilities. |
|
VCID-y6yq-qtna-aaaa
Aliases: CVE-2021-22960 |
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-17T22:43:50.318421+00:00 | GitLab Importer | Affected by | VCID-ja9y-54rf-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/llhttp/CVE-2021-22959.yml | 34.0.1 |
| 2024-09-17T22:43:50.269277+00:00 | GitLab Importer | Affected by | VCID-y6yq-qtna-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/llhttp/CVE-2021-22960.yml | 34.0.1 |
| 2024-01-03T18:05:38.646099+00:00 | GitLab Importer | Affected by | VCID-ja9y-54rf-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/llhttp/CVE-2021-22959.yml | 34.0.0rc1 |
| 2024-01-03T18:05:38.608542+00:00 | GitLab Importer | Affected by | VCID-y6yq-qtna-aaaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/llhttp/CVE-2021-22960.yml | 34.0.0rc1 |