Vulnerabilities/

CRLF Injection in Nodejs ‘undici’ via host

Severity:: Medium

Description

undici library does not protect host HTTP header from CRLF injection vulnerabilities.

Recommendation

Update the undici package to the latest compatible version. Followings are version details:

Affected version(s): >= 2.0.0, < 5.19.1
Patched version(s): 5.19.1

References

Related Issues

Tags:: npm; undici

Anything's wrong? Let us know Last updated on February 24, 2023