HTTP Request Smuggling Due to Incorrect Parsing of Header Fields

Medium

Internet Bug Bounty

Submitted None

Team Summary

Official summary from Internet Bug Bounty

CVE-2022-35256 Detail Description The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-35256 HackerOne original submission: https://hackerone.com/reports/1675191

Actions:

View on HackerOne

Reported by vwx7

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$1800.00

Submitted

Weakness

HTTP Request Smuggling