Vulnerabilities > Nodejs > Undici
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-04 | CVE-2024-30260 | Incorrect Authorization vulnerability in multiple products Undici is an HTTP/1.1 client, written from scratch for Node.js. | 4.3 |
2024-04-04 | CVE-2024-30261 | Undici is an HTTP/1.1 client, written from scratch for Node.js. | 3.5 |
2024-02-16 | CVE-2024-24750 | Memory Leak vulnerability in Nodejs Undici Undici is an HTTP/1.1 client, written from scratch for Node.js. | 6.5 |
2024-02-16 | CVE-2024-24758 | Unspecified vulnerability in Nodejs Undici Undici is an HTTP/1.1 client, written from scratch for Node.js. | 4.5 |
2023-10-12 | CVE-2023-45143 | Undici is an HTTP/1.1 client written from scratch for Node.js. | 3.5 |
2023-02-16 | CVE-2023-23936 | Injection vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 5.4 |
2023-02-16 | CVE-2023-24807 | Unspecified vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 7.5 |
2022-08-15 | CVE-2022-35948 | Unspecified vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. | 5.3 |
2022-08-12 | CVE-2022-35949 | Unspecified vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. | 9.8 |
2022-07-21 | CVE-2022-31151 | Unspecified vulnerability in Nodejs Undici Authorization headers are cleared on cross-origin redirect. | 6.5 |