---

CVE-2021-22960 - log back

CVE-2021-22960 edited at 12 Oct 2021 16:42:51
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Url request injection
Description	+ A security issue has been found in Node.js before versions 16.11.1, 14.18.1 and 12.22.7. The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
References	+ https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960 + https://hackerone.com/reports/1238099 + https://hackerone.com/reports/1238709 + https://github.com/nodejs/node/commit/af488f8dc82d69847992ea1cd2f53dc8082b3b91 + https://github.com/nodejs/node/commit/8c254ca7e4693fb778d808fa835b095de6c9fdd4 + https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0

CVE-2021-22960 created at 12 Oct 2021 16:36:13