{"id":"AZL-10151","summary":"CVE-2022-32214 affecting package nodejs for versions less than 16.16.0-1","details":"The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).","modified":"2026-04-01T05:05:19.362368Z","published":"2022-07-14T15:15:08Z","upstream":["CVE-2022-32214"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/nodejs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.16.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10151.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}