undici before v5.8.0 vulnerable to CRLF injection in request headers
- Severity: Medium
Description
It is possible to inject CRLF sequences into request headers in Undici. The same applies to the request path and method.
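As an added, defender-side illustration (not undici's own code or its fix): a pre-flight check an application can run on untrusted method, path and header values before handing them to an HTTP client, rejecting the CR/LF sequences the advisory describes. The sample requests below are constructed.

```javascript
// Added example, not part of undici. Assumption: the application builds the
// request (method, path, headers) from user-controlled input and wants to
// refuse control characters before they can reach the wire.

const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // RFC 9110 token (tchar)
const HEADER_CTL_RE = /[\x00-\x08\x0a-\x1f\x7f]/;     // CTLs except HTAB; covers CR and LF
const PATH_BAD_RE = /[\s\x00-\x1f\x7f]/;              // whitespace or control chars

// Returns { ok, problems } instead of throwing so callers can log every finding.
function checkRequestFields({ method, path, headers }) {
  const problems = [];
  if (typeof method !== 'string' || !TOKEN_RE.test(method)) {
    problems.push(`method is not a valid HTTP token: ${JSON.stringify(method)}`);
  }
  if (typeof path !== 'string' || !path.startsWith('/') || PATH_BAD_RE.test(path)) {
    problems.push(`path contains whitespace or control characters: ${JSON.stringify(path)}`);
  }
  for (const [name, value] of Object.entries(headers || {})) {
    if (!TOKEN_RE.test(name)) {
      problems.push(`header name is not a token: ${JSON.stringify(name)}`);
    }
    const values = Array.isArray(value) ? value : [value];
    for (const v of values) {
      if (typeof v !== 'string' || HEADER_CTL_RE.test(v)) {
        problems.push(`header ${name} contains control characters: ${JSON.stringify(v)}`);
      }
    }
  }
  return { ok: problems.length === 0, problems };
}

// Constructed samples: one legitimate request and one injected variant per field.
const clean = { method: 'GET', path: '/api/items?id=42', headers: { accept: 'application/json' } };
const headerInjected = { ...clean, headers: { 'x-trace': 'abc\r\nx-injected: 1' } };
const pathInjected = { ...clean, path: '/api/items\r\nx-injected: 1' };
const methodInjected = { ...clean, method: 'GET\r\nx-injected: 1' };

for (const [label, req] of Object.entries({ clean, headerInjected, pathInjected, methodInjected })) {
  const result = checkRequestFields(req);
  console.log(label, result.ok ? 'accepted' : `rejected: ${result.problems.join('; ')}`);
}
```

Upgrading to 5.8.0 is still the fix; this check is defence in depth at the application boundary and also catches values that would otherwise surface only as a thrown error from the client.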
Recommendation
Update the undici package to the latest compatible version. Version details:
- Affected version(s): < 5.8.0
- Patched version(s): 5.8.0
References
- GHSA-3cvr-822r-rqcc
- hackerone.com
- security.netapp.com
- CVE-2022-31150
- CWE-93
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- `undici.request` vulnerable to SSRF using absolute URL on `pathname` - CVE-2022-35949
- Undici's cookie header not cleared on cross-origin redirect in fetch - CVE-2023-45143
- Follow Redirects improperly handles URLs in the url.parse() function - CVE-2023-26159
- Exposure of Sensitive Information to an Unauthorized Actor in nanoid - CVE-2021-23566
- Tags: npm, undici
Last updated on January 27, 2023