Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization
headers.
This is patched in v5.28.3 and v6.6.1
There are no known workarounds.
www.openwall.com/lists/oss-security/2024/03/11/1
github.com/advisories/GHSA-3787-6prv-h9w3
github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
github.com/nodejs/undici/releases/tag/v5.28.3
github.com/nodejs/undici/releases/tag/v6.6.1
github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
nvd.nist.gov/vuln/detail/CVE-2024-24758
security.netapp.com/advisory/ntap-20240419-0007