CRLF Injection
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection in the parseSetCookie. An attacker can inject arbitrary HTTP headers by supplying specially crafted percent-encoded values in the Set-Cookie header, which...