2 matches found
NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass
NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
CRLF Injection
Overview: undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to CRLF Injection in parseSetCookie. An attacker can inject arbitrary HTTP headers by supplying specially crafted percent-encoded values in the Set-Cookie header, which...