GitHub Advisory DatabaseGHSA-3CVR-822R-RQCCundici before v5.8.0 vulnerable to CRLF injection in request headers
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
47.9%
Impact
It is possible to inject CRLF sequences into request headers in Undici.
const undici = require('undici')
const response = undici.request("http://127.0.0.1:1000", {
headers: {'a': "\r\nb"}
})
The same applies to path and method
Patches
Update to v5.8.0
Workarounds
Sanitize all HTTP headers from untrusted sources to eliminate \r\n.
References
https://hackerone.com/reports/409943
https://vulners.com/cve/CVE-2018-12116
For more information
If you have any questions or comments about this advisory:
- Open an issue in undici repository
- To make a report, follow the SECURITY document
References
github.com/advisories/GHSA-3cvr-822r-rqcc
github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259
github.com/nodejs/undici/releases/tag/v5.8.0
github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
hackerone.com/reports/409943
nvd.nist.gov/vuln/detail/CVE-2022-31150
security.netapp.com/advisory/ntap-20220915-0002/
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
47.9%