VYPR

rpm package

opensuse/python-httptools&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-httptools&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2022-32213Jul 14, 2022
    affected < 0.6.1-1.9fixed 0.6.1-1.9

    The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

  • CVE-2021-22959Nov 15, 2021
    affected < 0.6.1-1.9fixed 0.6.1-1.9

    The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.