CVE-2021-22960
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2021-22960. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Available Exploits
Related News
Affected Products
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🚨 Cache Poisoning & Request Smuggling — A Technical Breakdown By CyberDudeBivash – Ruthless, Engineering-Grade Threat Intel https://preview.redd.it/duyiknn3qsjf1.png?width=1536&format=png&auto=webp&s=d1b9dbc5c915affdcf40aa292c8a13f2398b1b1b 1. Introduction Modern web applications rely heavily on **reverse proxies, CDNs, and caching layers** to deliver fast, scalable experiences. But attackers exploit the **mismatch between how different systems parse HTTP requests** to …