CVE-2022-31150

Published: 19/07/2022 Updated: 28/10/2022
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue.
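The workaround above, sketched as an added example (not code from undici or from this advisory): header values from untrusted sources are checked for CR, LF and NUL before they reach the HTTP client. `sanitizeHeaders`, its `mode` parameter and the sample value are hypothetical names and constructed data.

```javascript
'use strict';

// RFC 7230 "token" characters permitted in a header field name.
const HEADER_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF and NUL must never appear in a header value.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

/**
 * Returns a copy of `headers` that is safe to pass as a client's `headers` option.
 * mode "reject" (default) throws on CR/LF/NUL in a value; mode "strip" removes them.
 * Invalid names always throw: stripping a name would change which header is set.
 */
function sanitizeHeaders(headers, mode = 'reject') {
  const clean = {};
  for (const [name, raw] of Object.entries(headers)) {
    if (!HEADER_NAME.test(name)) {
      throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
    }
    const values = Array.isArray(raw) ? raw : [raw];
    const out = values.map((v) => {
      const value = String(v);
      if (!FORBIDDEN_IN_VALUE.test(value)) return value;
      if (mode === 'strip') return value.replace(/[\r\n\0]/g, '');
      throw new TypeError(`CR/LF/NUL in value of header ${name}`);
    });
    clean[name] = Array.isArray(raw) ? out : out[0];
  }
  return clean;
}

// Constructed sample: a value from an untrusted source carrying a CRLF sequence.
const untrusted = 'en-US\r\nX-Injected: 1';

function demo() {
  let rejected = false;
  try {
    sanitizeHeaders({ 'accept-language': untrusted });
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  const stripped = sanitizeHeaders({ 'accept-language': untrusted }, 'strip');
  return { rejected, stripped };
}

console.log(demo());
```

Rejecting is the safer default, since a stripped value still carries attacker-chosen text into a single header; upgrading to the fixed release remains the actual remedy.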

Vulnerable Product

nodejs undici

Vendor Advisories

Synopsis: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes
Type/Severity: Security Advisory: Critical
Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security i ...
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue ...