CVE-2022-32214 Information

Description

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

Reference

https://hackerone.com/reports/1524692 https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/