{"id":"AZL-40893","summary":"CVE-2022-32214 affecting package rust for versions less than 1.75.0-1","details":"The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).","modified":"2026-04-01T05:14:41.614381Z","published":"2022-07-14T15:15:08Z","upstream":["CVE-2022-32214"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214"}],"affected":[{"package":{"name":"rust","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/rust"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.75.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40893.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}