undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
- Severity: Low
Description
Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.
However, cookie headers, which are sensitive and are official headers found in the spec, remain uncleared.
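The behaviour described above, as an added JavaScript illustration (not undici's source): both `authorization` and `cookie` are dropped whenever the redirect target's origin differs from that of the current request. The names `headersForRedirect`, `isSameOrigin` and `SENSITIVE_ON_CROSS_ORIGIN` and all sample values are hypothetical, and http(s) URLs are assumed.

```javascript
// Added illustration; not undici's source. All names here are hypothetical.
const SENSITIVE_ON_CROSS_ORIGIN = new Set(['authorization', 'cookie']);

// Origin = scheme + host + port, as computed by the WHATWG URL parser.
// Assumes http(s) URLs (other schemes can yield an opaque "null" origin).
function isSameOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin === new URL(toUrl).origin;
}

// Returns the URL and headers to use for the redirected request.
// `location` may be relative, so it is resolved against the current URL.
function headersForRedirect(headers, currentUrl, location) {
  const target = new URL(location, currentUrl).href;
  const crossOrigin = !isSameOrigin(currentUrl, target);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (crossOrigin && SENSITIVE_ON_CROSS_ORIGIN.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  return { url: target, headers: out };
}

// Constructed sample request headers.
const sample = {
  Accept: 'application/json',
  Authorization: 'Bearer constructed-token',
  Cookie: 'session=constructed-value',
};

// Same-origin keeps everything; a different host, port or scheme strips both.
function demo() {
  const from = 'https://app.example/a';
  return {
    sameOrigin: headersForRedirect(sample, from, '/b'),
    otherHost: headersForRedirect(sample, from, 'https://other.example/b'),
    otherPort: headersForRedirect(sample, from, 'https://app.example:8443/b'),
    downgrade: headersForRedirect(sample, from, 'http://app.example/b'),
  };
}
```
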
Recommendation
Update the undici package to the latest compatible version. Version details are as follows:
- Affected version(s): < 5.8.0
- Patched version(s): 5.8.0
References
- GHSA-q768-x9m6-m9qp
- hackerone.com
- security.netapp.com
- CVE-2022-31151
- CWE-346
- CWE-601
- CWE-93
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A3
- OWASP 2021-A6
- OWASP 2021-A7
Related Issues
- undici Denial of Service attack via bad certificate data - CVE-2025-47279
- Use of Insufficiently Random Values in undici - CVE-2025-22150
- fetch(url) leads to a memory leak in undici - CVE-2024-24750
- Undici vulnerable to data leak when using response.arrayBuffer() - CVE-2024-38372
- Tags: npm, undici
Last updated on January 30, 2023