Vulnerabilities > Nodejs > Undici > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-12 CVE-2022-35949 Server-Side Request Forgery (SSRF) vulnerability in Nodejs Undici
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`.
network
low complexity
nodejs CWE-918
critical
9.8