{"id":"AZL-31039","summary":"CVE-2022-35256 affecting package rust for versions less than 1.68.0-1","details":"The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.","modified":"2026-04-01T05:09:54.543577Z","published":"2022-12-05T22:15:10Z","upstream":["CVE-2022-35256"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35256"}],"affected":[{"package":{"name":"rust","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/rust"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.68.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31039.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}