Lucene search
HackeroneCVELIST:CVE-2022-32210HistoryJul 14, 2022 - 2:51 p.m.
CVE-2022-32210
2022-07-1414:51:40
CWE-295
hackerone
www.cve.org
3
undici
proxyagent
https
traffic
vulnerability
certificate
verification
proxy server
EPSS
0.001
Percentile
46.4%
Undici.ProxyAgent never verifies the remote server’s certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy’s URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.
CNA Affected
[
{
"product": "https://github.com/nodejs/undici",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in version >= v5.5.1. Vulnerable between v4.8.2 and v5.5.0"
}
]
}
]Related
osv
osv
CVE-2022-32210
2022-07-14 15:15:08
ProxyAgent vulnerable to MITM
2022-06-17 01:02:29
veracode
veracode
Improper Certificate Validation
2022-06-20 11:51:00
ibm
ibm
cve
cve
CVE-2022-32210
2022-07-14 15:15:08
github
github
ProxyAgent vulnerable to MITM
2022-06-17 01:02:29
hackerone
hackerone
ubuntucve
ubuntucve
CVE-2022-32210
2022-07-14 00:00:00
debiancve
debiancve
CVE-2022-32210
2022-07-14 15:15:08
prion
prion
Design/Logic Flaw
2022-07-14 15:15:00
nvd
nvd
CVE-2022-32210
2022-07-14 15:15:08