CVE-2022-35949

🗓️ 12 Aug 2022 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 228 Views🌐 WEB

undici HTTP/1.1 client SSRF vulnerability in path optio

Reporter	Title	Published	Views	Family All 34
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949	18 Aug 202214:30	–	ibm
Circl	CVE-2022-35949	13 Aug 202202:33	–	circl
CNNVD	undici 代码问题漏洞	12 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-35949 `undici.request` vulnerable to SSRF using absolute URL on `pathname`	12 Aug 202200:00	–	cvelist
Debian CVE	CVE-2022-35949	12 Aug 202200:00	–	debiancve
EUVD	EUVD-2022-6518	3 Oct 202520:07	–	euvd
Tenable Nessus	GLSA-202405-29 : Node.js: Multiple Vulnerabilities	8 May 202400:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)	9 Sep 202200:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3250-1)	13 Sep 202200:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)	13 Sep 202200:00	–	nessus

NVD

Vulners

Node

nodejs undiciRange≤5.8.1node.js

[
  {
    "vendor": "nodejs",
    "product": "undici",
    "versions": [
      {
        "version": "<= 5.8.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3
github	www.github.com/nodejs/undici/releases/tag/v5.8.2
github	www.github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895