CVE-2022-32213

{"id": "CVE-2022-32213", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2022-07-14T15:15:08.287", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1524555", "tags": ["Exploit", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/", "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/", "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/", "source": "support@hackerone.com"}, {"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.debian.org/security/2023/dsa-5326", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-444"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)."}, {"lang": "es", "value": "El analizador llhttp anteriores a la versi\u00f3n v14.20.1, anteriores a la versi\u00f3n v16.17.1 y anteriores a la versi\u00f3n v18.9.1 del m\u00f3dulo http en Node.js no analiza y valida correctamente las cabeceras Transfer-Encoding y puede dar lugar a HTTP Request Smuggling (HRS)"}], "lastModified": "2023-11-07T03:47:46.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "C2150173-C986-4D63-AA7F-9618AA856F2C", "versionEndExcluding": "2.1.5"}, {"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "FBB4A716-D0D0-4319-BAF0-7F012973330A", "versionEndExcluding": "6.0.7", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482", "versionEndIncluding": "14.14.0", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "1D907C43-56F3-4FB8-8F20-C90C65EE5A08", "versionEndExcluding": "14.20.1", "versionStartIncluding": "14.15.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA", "versionEndIncluding": "16.12.0", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09", "versionEndExcluding": "16.17.1", "versionStartIncluding": "16.13.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A", "versionEndExcluding": "18.9.1", "versionStartIncluding": "18.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57CACB72-BAD7-41F6-9977-321DA7F79519", "versionEndExcluding": "3.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}