[NPM:GHSA-F772-66G8-Q5H3] Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
Impact
=< undici@5.8.0 users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header.
Example:
```
import { request } from 'undici'
const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1'
await request('http://localhost:3000, {
method: 'GET',
headers: {
'content-type': unsanitizedContentTypeInput
},
})
```
The above snippet will perform two requests in a single request API call:
1) http://localhost:3000/
2) http://localhost:3000/foo2
Patches
This issue was patched in Undici v5.8.1
Workarounds
Sanitize input when sending content-type headers using user input.
For more information
If you have any questions or comments about this advisory:
- Open an issue in undici repository
- To make a report, follow the SECURITY document
| Package | Affected Version |
|---|---|
 pkg:npm/undici
|
<= 5.8.1 |
| Package | Fixed Version |
|---|---|
|
pkg:npm/undici
|
= 5.8.2 |
- ID
- NPM:GHSA-F772-66G8-Q5H3
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-f772-66g8-q5h3
- Published
-
2022-08-18T19:02:56
(2 years ago) - Modified
-
2023-02-03T05:04:25
(19 months ago) - Rights
- NPM Security Team
- Other Advisories
GLSA-202405-29
SUSE-SU-2022:3196-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |