1. Home
  2. Vulnerabilities
  3. CVE-2022-35948

CVE-2022-35948

CVSS v3.1 5.3 (Medium)
53% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 1
Advisories 5
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

undici is an HTTP/1.1 client, written from scratch for Node.js.=< undici@5.8.0 users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) The above snippet will perform two requests in a single request API call: 1) http://localhost:3000/ 2) http://localhost:3000/foo2 This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround.

Weaknesses
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2022-08-15 11:21:38
(2 years ago)
Updated Date
2023-03-28 17:08:29
(18 months ago)

Affected Products

Nodejs

Configuration #1

    CPE23 From Up To
  Nodejs Undici for Node.js prior 5.8.2 version cpe:2.3:a:nodejs:undici::*:*:*:*:node.js < 5.8.2