The llhttp parser in the http module in Node.js v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. Impacts: All versions of the 18.x, 16.x, and 14.x release lines. llhttp v6.0.10 contains the fixes that were updated inside Node.js.
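As an added example (not code from Node.js, llhttp, or this bug report), the check below shows what strict header termination means in practice: it scans the header section of a raw HTTP/1.1 request and flags every CR or LF that is not part of a CRLF pair. The function names and the sample requests are constructed for illustration.

```javascript
// Added example: strict line-terminator check for a raw HTTP/1.1 header block.
// findBadTerminators / hasStrictTerminators are hypothetical helper names.
const CR = 0x0d;
const LF = 0x0a;

// Walk the bytes up to the empty line that ends the header section and
// record each CR or LF that does not belong to a CRLF pair.
function findBadTerminators(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1');
  const findings = [];
  let lineStart = 0;
  for (let i = 0; i < buf.length; i++) {
    if (buf[i] === CR) {
      if (buf[i + 1] === LF) {
        // CRLF on an empty line marks the end of the header section.
        if (i === lineStart) return { complete: true, findings };
        i++;                 // consume the LF of this CRLF
        lineStart = i + 1;
      } else {
        findings.push({ offset: i, kind: 'bare CR' });
      }
    } else if (buf[i] === LF) {
      // A lenient parser may treat this as a line break; a strict one must not.
      findings.push({ offset: i, kind: 'bare LF' });
      lineStart = i + 1;
    }
  }
  // Ran out of input before seeing the terminating empty line.
  return { complete: false, findings };
}

// A header block is acceptable only if it is complete and uses CRLF throughout.
function hasStrictTerminators(raw) {
  const result = findBadTerminators(raw);
  return result.complete && result.findings.length === 0;
}

// Constructed sample requests (not captured traffic).
const wellFormed = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-A: 1\r\n\r\n';
const bareLf = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-A: 1\nX-B: 2\r\n\r\n';
const bareCr = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-A: 1\rX-B: 2\r\n\r\n';

for (const [name, req] of Object.entries({ wellFormed, bareLf, bareCr })) {
  console.log(name, hasStrictTerminators(req), findBadTerminators(req).findings);
}
```

A check of this kind is useful in a test harness or log-replay tool to confirm that every hop in a proxy chain agrees on where each header line ends.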
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 2130533]
Affects: fedora-all [bug 2130532]

Created nodejs:12/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2130537]

Created nodejs:13/nodejs tracking bugs for this issue:

Affects: epel-all [bug 2130534]

Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2130538]

Created nodejs:15/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2130539]

Created nodejs:16-epel/nodejs tracking bugs for this issue:

Affects: epel-all [bug 2130536]

Created nodejs:16/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2130540]

Created nodejs:18/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2130541]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6963 https://access.redhat.com/errata/RHSA-2022:6963
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6964 https://access.redhat.com/errata/RHSA-2022:6964
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:7044 https://access.redhat.com/errata/RHSA-2022:7044
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7821 https://access.redhat.com/errata/RHSA-2022:7821
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7830 https://access.redhat.com/errata/RHSA-2022:7830
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-35256
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0321 https://access.redhat.com/errata/RHSA-2023:0321
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742