Vulnerabilities > Nodejs > Undici > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2023-23936 Injection vulnerability in Nodejs Undici
Undici is an HTTP/1.1 client for Node.js.
network
low complexity
nodejs CWE-74
5.4
2022-08-15 CVE-2022-35948 CRLF Injection vulnerability in Nodejs Undici
undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header.
network
low complexity
nodejs CWE-93
5.3
2022-07-21 CVE-2022-31151 Open Redirect vulnerability in Nodejs Undici
Authorization headers are cleared on cross-origin redirect.
network
low complexity
nodejs CWE-601
6.5
2022-07-19 CVE-2022-31150 CRLF Injection vulnerability in Nodejs Undici
undici is an HTTP/1.1 client, written from scratch for Node.js.
network
low complexity
nodejs CWE-93
6.5
2022-07-14 CVE-2022-32210 Improper Certificate Validation vulnerability in Nodejs Undici
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy.
network
high complexity
nodejs CWE-295
6.5