CVSS3: 3.9 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
AI Score: 6.4 Medium (Confidence: Low)
Undici is vulnerable to cross-origin cookie leakage. The vulnerability is due to a failure to clear cookie headers, which may lead to accidental leakage of cookies to a third-party site or to an attacker who can control the redirection target.
github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
github.com/nodejs/undici/releases/tag/v5.26.2
github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
hackerone.com/reports/2166948
lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/