2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-32213" ,
"sourceIdentifier" : "support@hackerone.com" ,
"published" : "2022-07-14T15:15:08.287" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T07:05:56.257" ,
2023-11-07 21:03:21 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)."
} ,
{
"lang" : "es" ,
"value" : "El analizador llhttp anteriores a la versi\u00f3n v14.20.1, anteriores a la versi\u00f3n v16.17.1 y anteriores a la versi\u00f3n v18.9.1 del m\u00f3dulo http en Node.js no analiza y valida correctamente las cabeceras Transfer-Encoding y puede dar lugar a HTTP Request Smuggling (HRS)"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 2.5
}
]
} ,
"weaknesses" : [
{
2024-12-08 03:06:42 +00:00
"source" : "support@hackerone.com" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-444"
}
]
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-444"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*" ,
"versionEndExcluding" : "2.1.5" ,
"matchCriteriaId" : "C2150173-C986-4D63-AA7F-9618AA856F2C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*" ,
"versionStartIncluding" : "6.0.0" ,
"versionEndExcluding" : "6.0.7" ,
"matchCriteriaId" : "FBB4A716-D0D0-4319-BAF0-7F012973330A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" ,
"versionStartIncluding" : "14.0.0" ,
"versionEndIncluding" : "14.14.0" ,
"matchCriteriaId" : "428DCD7B-6F66-4F18-B780-5BD80143D482"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" ,
"versionStartIncluding" : "14.15.0" ,
"versionEndExcluding" : "14.20.1" ,
"matchCriteriaId" : "1D907C43-56F3-4FB8-8F20-C90C65EE5A08"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" ,
"versionStartIncluding" : "16.0.0" ,
"versionEndIncluding" : "16.12.0" ,
"matchCriteriaId" : "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" ,
"versionStartIncluding" : "16.13.0" ,
"versionEndExcluding" : "16.17.1" ,
"matchCriteriaId" : "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" ,
"versionStartIncluding" : "18.0.0" ,
"versionEndExcluding" : "18.9.1" ,
"matchCriteriaId" : "DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "4664B195-AF14-4834-82B3-0B2C98020EB6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "75BC588E-CDF0-404E-AD61-02093A1DF343"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
2023-07-19 02:01:21 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.3.2" ,
"matchCriteriaId" : "57CACB72-BAD7-41F6-9977-321DA7F79519"
}
]
}
]
2023-04-24 12:24:31 +02:00
}
] ,
"references" : [
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" ,
"source" : "support@hackerone.com" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://hackerone.com/reports/1524555" ,
"source" : "support@hackerone.com" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/" ,
"source" : "support@hackerone.com"
2023-04-24 12:24:31 +02:00
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/" ,
"source" : "support@hackerone.com"
2023-04-24 12:24:31 +02:00
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/" ,
"source" : "support@hackerone.com"
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" ,
"source" : "support@hackerone.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5326" ,
"source" : "support@hackerone.com" ,
"tags" : [
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://hackerone.com/reports/1524555" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5326" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
