Vulnerabilities > Nodejs > Undici > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2023-23936 | Injection vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 5.4 |
| 2022-08-15 | CVE-2022-35948 | CRLF Injection vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. | 5.3 |
| 2022-07-21 | CVE-2022-31151 | Open Redirect vulnerability in Nodejs Undici Authorization headers are cleared on cross-origin redirect. | 6.5 |
| 2022-07-19 | CVE-2022-31150 | CRLF Injection vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js. | 6.5 |
| 2022-07-14 | CVE-2022-32210 | Improper Certificate Validation vulnerability in Nodejs Undici `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. | 6.5 |