Vulnerabilities > Nodejs > Undici

DATE CVE VULNERABILITY TITLE RISK
2024-04-04 CVE-2024-30260 Incorrect Authorization vulnerability in multiple products
Undici is an HTTP/1.1 client, written from scratch for Node.js.
network
low complexity
nodejs fedoraproject CWE-863
4.3
2024-04-04 CVE-2024-30261 Undici is an HTTP/1.1 client, written from scratch for Node.js.
network
low complexity
nodejs fedoraproject
3.5
2024-02-16 CVE-2024-24750 Memory Leak vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client, written from scratch for Node.js.
network
low complexity
nodejs CWE-401
6.5
2024-02-16 CVE-2024-24758 Unspecified vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client, written from scratch for Node.js.
network
low complexity
nodejs
4.5
2023-10-12 CVE-2023-45143 Undici is an HTTP/1.1 client written from scratch for Node.js.
network
low complexity
nodejs fedoraproject
3.5
2023-02-16 CVE-2023-23936 Injection vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client for Node.js.
network
low complexity
nodejs CWE-74
5.4
2023-02-16 CVE-2023-24807 Unspecified vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client for Node.js.
network
low complexity
nodejs
7.5
2022-08-15 CVE-2022-35948 Unspecified vulnerability in Nodejs Undici
undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header.
network
low complexity
nodejs
5.3
2022-08-12 CVE-2022-35949 Unspecified vulnerability in Nodejs Undici
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`.
network
low complexity
nodejs
critical
9.8
2022-07-21 CVE-2022-31151 Unspecified vulnerability in Nodejs Undici
Authorization headers are cleared on cross-origin redirect.
network
low complexity
nodejs
6.5