CVE-2021-22959

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-22959

Severity

6.5

Medium

CVSS CVSS_V3

Description

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.

References

https://images.chainguard.dev/security/CGA-7p5m-4c2p-qmhc
https://github.com/advisories/GHSA-mhxq-vjjq-pcvf
https://hackerone.com/reports/1238709
https://www.debian.org/security/2022/dsa-5170
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.alpinelinux.org/vuln/CVE-2021-22959
https://security-tracker.debian.org/tracker/CVE-2021-22959

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2021-22959

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources