elysia 代码注入漏洞

elysia is a framework of elysia open source. A code injection vulnerability exists in elysia 1.4.17 and earlier versions, which stems from an uncleared cookie configuration and could lead to arbitrary code execution...

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

Impact Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.jsL189, based on https://github.com/nodejs/undici/issues/872. However, cookie headers which are sensitive headers and are official headers found in the spec...