Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yk56-fkvw-kfc3
Vulnerability ID VCID-yk56-fkvw-kfc3
Aliases CVE-2022-32214
GHSA-q5vx-44v4-gch4
Summary nodejs: HTTP request smuggling due to improper delimiting of header fields
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json
epss 0.39294 https://api.first.org/data/v1/epss?cve=CVE-2022-32214
cvssv3.1 9.1 https://datatracker.ietf.org/doc/html/rfc7230#section-3
generic_textual CRITICAL https://datatracker.ietf.org/doc/html/rfc7230#section-3
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-q5vx-44v4-gch4
cvssv3.1 9.1 https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
generic_textual CRITICAL https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
cvssv3.1 9.1 https://hackerone.com/reports/1524692
generic_textual CRITICAL https://hackerone.com/reports/1524692
cvssv3.1 9.1 https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
generic_textual CRITICAL https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-32214
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-32214
cvssv3.1 9.1 https://security.netapp.com/advisory/ntap-20220915-0001
generic_textual CRITICAL https://security.netapp.com/advisory/ntap-20220915-0001
cvssv3.1 9.1 https://www.debian.org/security/2023/dsa-5326
generic_textual CRITICAL https://www.debian.org/security/2023/dsa-5326
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json
https://api.first.org/data/v1/epss?cve=CVE-2022-32214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
https://datatracker.ietf.org/doc/html/rfc7230#section-3
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
https://hackerone.com/reports/1524692
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
https://nvd.nist.gov/vuln/detail/CVE-2022-32214
https://security.netapp.com/advisory/ntap-20220915-0001
https://security.netapp.com/advisory/ntap-20220915-0001/
https://www.debian.org/security/2023/dsa-5326
2105428 https://bugzilla.redhat.com/show_bug.cgi?id=2105428
GHSA-q5vx-44v4-gch4 https://github.com/advisories/GHSA-q5vx-44v4-gch4
GLSA-202405-29 https://security.gentoo.org/glsa/202405-29
RHSA-2022:6389 https://access.redhat.com/errata/RHSA-2022:6389
RHSA-2022:6448 https://access.redhat.com/errata/RHSA-2022:6448
RHSA-2022:6449 https://access.redhat.com/errata/RHSA-2022:6449
RHSA-2022:6595 https://access.redhat.com/errata/RHSA-2022:6595
RHSA-2022:6985 https://access.redhat.com/errata/RHSA-2022:6985
USN-6491-1 https://usn.ubuntu.com/6491-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://datatracker.ietf.org/doc/html/rfc7230#section-3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://hackerone.com/reports/1524692
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32214
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20220915-0001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.debian.org/security/2023/dsa-5326
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.97358
EPSS Score 0.39294
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:12:30.076702+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json 38.6.0