Vulnerabilities > Nodejs > Undici
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-12 | CVE-2023-45143 | Information Exposure vulnerability in multiple products Undici is an HTTP/1.1 client written from scratch for Node.js. | 3.5 |
| 2023-02-16 | CVE-2023-23936 | Injection vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 5.4 |
| 2023-02-16 | CVE-2023-24807 | Unspecified vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 7.5 |
| 2022-08-15 | CVE-2022-35948 | CRLF Injection vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. | 5.3 |
| 2022-08-12 | CVE-2022-35949 | Server-Side Request Forgery (SSRF) vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. | 9.8 |
| 2022-07-21 | CVE-2022-31151 | Open Redirect vulnerability in Nodejs Undici Authorization headers are cleared on cross-origin redirect. | 6.5 |
| 2022-07-19 | CVE-2022-31150 | CRLF Injection vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js. | 6.5 |
| 2022-07-14 | CVE-2022-32210 | Improper Certificate Validation vulnerability in Nodejs Undici `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. | 6.5 |