5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
33.1%
undici is an HTTP/1.1 client, written from scratch for Node.js.=< [email protected]
users are vulnerable to CRLF Injection on headers when
using unsanitized input as request headers, more specifically, inside the
content-type
header. Example: import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, })
The above snippet
will perform two requests in a single request
API call: 1)
http://localhost:3000/
2) http://localhost:3000/foo2
This issue was
patched in Undici v5.8.1. Sanitize input when sending content-type headers
using user input as a workaround.
github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 (v5.8.2)
github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
launchpad.net/bugs/cve/CVE-2022-35948
nvd.nist.gov/vuln/detail/CVE-2022-35948
security-tracker.debian.org/tracker/CVE-2022-35948
www.cve.org/CVERecord?id=CVE-2022-35948
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
33.1%