pkg:npm/undici
Type: npm
Name: undici
Known advisories, vulnerabilities and fixes for the undici package.
- Repository: https://www.npmjs.com/package/undici
- High: 2
- Moderate: 5
- Low: 6
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 6.0.0, <= 6.6.0; <= 5.28.2 | | CVE-2024-24758 | NPM:GHSA-3787-6PRV-H9W3 | Undici proxy-authorization header not cleared on cross-origin redirect in fetch | low | 2024-02-16T16:02:52 (7 months ago) |
Fixed | = 6.6.1; = 5.28.3 | | CVE-2024-24758 | NPM:GHSA-3787-6PRV-H9W3 | Undici proxy-authorization header not cleared on cross-origin redirect in fetch | low | 2024-02-16T16:02:52 (7 months ago) |
Affected | < 5.8.0 | | CVE-2022-31150 | NPM:GHSA-3CVR-822R-RQCC | undici before v5.8.0 vulnerable to CRLF injection in request headers | moderate | 2022-07-21T20:30:10 (2 years ago) |
Fixed | = 5.8.0 | | CVE-2022-31150 | NPM:GHSA-3CVR-822R-RQCC | undici before v5.8.0 vulnerable to CRLF injection in request headers | moderate | 2022-07-21T20:30:10 (2 years ago) |
Affected | >= 6.14.0, < 6.19.2 | | CVE-2024-38372 | NPM:GHSA-3G92-W8C5-73PQ | Undici vulnerable to data leak when using response.arrayBuffer() | low | 2024-07-09T13:32:30 (2 months ago) |
Fixed | = 6.19.2 | | CVE-2024-38372 | NPM:GHSA-3G92-W8C5-73PQ | Undici vulnerable to data leak when using response.arrayBuffer() | low | 2024-07-09T13:32:30 (2 months ago) |
Affected | >= 2.0.0, < 5.19.1 | | CVE-2023-23936 | NPM:GHSA-5R9G-QH6M-JXFF | CRLF Injection in Nodejs ‘undici’ via host | moderate | 2023-02-16T20:46:30 (19 months ago) |
Fixed | = 5.19.1 | | CVE-2023-23936 | NPM:GHSA-5R9G-QH6M-JXFF | CRLF Injection in Nodejs ‘undici’ via host | moderate | 2023-02-16T20:46:30 (19 months ago) |
Affected | <= 5.8.1 | | CVE-2022-35949 | NPM:GHSA-8QR4-XGW6-WMR3 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` | moderate | 2022-08-18T18:59:46 (2 years ago) |
Fixed | = 5.8.2 | | CVE-2022-35949 | NPM:GHSA-8QR4-XGW6-WMR3 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` | moderate | 2022-08-18T18:59:46 (2 years ago) |
Affected | >= 6.0.0, <= 6.6.0 | | CVE-2024-24750 | NPM:GHSA-9F24-JQHM-JFCW | fetch(url) leads to a memory leak in undici | moderate | 2024-02-16T15:59:38 (7 months ago) |
Fixed | = 6.6.1 | | CVE-2024-24750 | NPM:GHSA-9F24-JQHM-JFCW | fetch(url) leads to a memory leak in undici | moderate | 2024-02-16T15:59:38 (7 months ago) |
Affected | >= 6.0.0, < 6.11.1; < 5.28.4 | | CVE-2024-30261 | NPM:GHSA-9QXR-QJ54-H672 | Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | low | 2024-04-04T14:20:54 (5 months ago) |
Fixed | = 6.11.1; = 5.28.4 | | CVE-2024-30261 | NPM:GHSA-9QXR-QJ54-H672 | Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | low | 2024-04-04T14:20:54 (5 months ago) |
Affected | <= 5.8.1 | | CVE-2022-35948 | NPM:GHSA-F772-66G8-Q5H3 | Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | moderate | 2022-08-18T19:02:56 (2 years ago) |
Fixed | = 5.8.2 | | CVE-2022-35948 | NPM:GHSA-F772-66G8-Q5H3 | Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | moderate | 2022-08-18T19:02:56 (2 years ago) |
Affected | >= 6.0.0, < 6.11.1; < 5.28.4 | | CVE-2024-30260 | NPM:GHSA-M4V8-WQVR-P9F7 | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | low | 2024-04-04T14:20:39 (5 months ago) |
Fixed | = 6.11.1; = 5.28.4 | | CVE-2024-30260 | NPM:GHSA-M4V8-WQVR-P9F7 | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | low | 2024-04-04T14:20:39 (5 months ago) |
Affected | >= 4.8.2, <= 5.5.0 | | CVE-2022-32210 | NPM:GHSA-PGW7-WX7W-2W33 | ProxyAgent vulnerable to MITM | high | 2022-06-17T01:02:29 (2 years ago) |
Fixed | = 5.5.1 | | CVE-2022-32210 | NPM:GHSA-PGW7-WX7W-2W33 | ProxyAgent vulnerable to MITM | high | 2022-06-17T01:02:29 (2 years ago) |
Affected | < 5.8.0 | | CVE-2022-31151 | NPM:GHSA-Q768-X9M6-M9QP | undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | low | 2022-07-21T20:31:05 (2 years ago) |
Fixed | = 5.8.0 | | CVE-2022-31151 | NPM:GHSA-Q768-X9M6-M9QP | undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | low | 2022-07-21T20:31:05 (2 years ago) |
Affected | < 5.19.1 | | CVE-2023-24807 | NPM:GHSA-R6CH-MQF9-QC9W | Regular Expression Denial of Service in Headers | high | 2023-02-16T20:46:10 (19 months ago) |
Fixed | = 5.19.1 | | CVE-2023-24807 | NPM:GHSA-R6CH-MQF9-QC9W | Regular Expression Denial of Service in Headers | high | 2023-02-16T20:46:10 (19 months ago) |
Affected | < 5.26.2 | | CVE-2023-45143 | NPM:GHSA-WQQ4-5WPV-MX2G | Undici's cookie header not cleared on cross-origin redirect in fetch | low | 2023-10-16T14:05:37 (11 months ago) |
Fixed | = 5.26.2 | | CVE-2023-45143 | NPM:GHSA-WQQ4-5WPV-MX2G | Undici's cookie header not cleared on cross-origin redirect in fetch | low | 2023-10-16T14:05:37 (11 months ago) |