undici before v5.8.0 vulnerable to CRLF injection in request headers
- Severity: Medium
Description
It is possible to inject CRLF sequences into request headers in Undici. The same applies to the request path and method.
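The advisory names three places where a CR or LF can end up on the wire: header values, the request path and the request method. An added example (not from the advisory and not undici's own code) of the mitigation a client library applies: reject any of those fields if it contains a CR or LF before the request head is serialised. The function names, the request object shape and the sample inputs are constructed for this illustration.

```javascript
// Added example, not undici's code: guard request fields against CR/LF
// before they are joined into an HTTP/1.1 request head.
const CRLF = /[\r\n]/;

// Throw if `value` is not a string or contains a bare CR or LF.
function assertNoCrlf(field, value) {
  if (typeof value !== 'string') {
    throw new TypeError(`${field} must be a string`);
  }
  if (CRLF.test(value)) {
    throw new Error(`${field} contains CR or LF`);
  }
}

// Validate method, path, header names and header values (the three
// request parts the advisory names); return the request unchanged on success.
function validateRequest({ method, path, headers = {} }) {
  assertNoCrlf('method', method);
  assertNoCrlf('path', path);
  for (const [name, value] of Object.entries(headers)) {
    assertNoCrlf(`header name "${name}"`, name);
    assertNoCrlf(`header "${name}" value`, value);
  }
  return { method, path, headers };
}

// Build the request line and header block. Because every field is checked
// first, the only CRLF pairs in the output are the ones added here as
// line terminators, so no field can introduce an extra header or request line.
function serializeHead(req) {
  const r = validateRequest(req);
  const lines = [`${r.method} ${r.path} HTTP/1.1`];
  for (const [name, value] of Object.entries(r.headers)) {
    lines.push(`${name}: ${value}`);
  }
  return lines.join('\r\n') + '\r\n\r\n';
}

// Constructed sample inputs: one clean request and one with a CRLF in a
// header value, which the guard rejects before serialisation.
function demo() {
  const ok = serializeHead({
    method: 'GET',
    path: '/status',
    headers: { Host: 'example.test' },
  });
  let rejected = false;
  try {
    serializeHead({
      method: 'GET',
      path: '/status',
      headers: { 'X-Id': 'a\r\nX-Injected: 1' },
    });
  } catch (e) {
    rejected = true;
  }
  return { ok, rejected };
}
```

Running the check before serialisation, rather than stripping the offending bytes, keeps the failure visible to the caller; a silently sanitised value would hide the fact that untrusted data reached a request field.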
Recommendation
Update the undici package to the latest compatible version. Version details:
- Affected version(s): < 5.8.0
- Patched version(s): 5.8.0
References
- GHSA-3cvr-822r-rqcc
- hackerone.com
- security.netapp.com
- CVE-2022-31150
- CWE-93
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- `undici.request` vulnerable to SSRF using absolute URL on `pathname` - CVE-2022-35949
- Undici's cookie header not cleared on cross-origin redirect in fetch - CVE-2023-45143
- bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function - CVE-2025-3194
- Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - CVE-2024-30260
- Tags: npm, undici
Last updated on January 27, 2023