Nodejs

Undici

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.25%
  • Veröffentlicht 17.06.2026 17:31:03
  • Zuletzt bearbeitet 25.06.2026 17:46:21

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one ...

  • EPSS 0.23%
  • Veröffentlicht 17.06.2026 17:14:50
  • Zuletzt bearbeitet 27.06.2026 23:46:06

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client...

  • EPSS 0.37%
  • Veröffentlicht 17.06.2026 17:04:09
  • Zuletzt bearbeitet 25.06.2026 17:44:16

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorizatio...

  • EPSS 0.26%
  • Veröffentlicht 17.06.2026 16:56:18
  • Zuletzt bearbeitet 25.06.2026 17:43:39

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do n...

  • EPSS 0.46%
  • Veröffentlicht 17.06.2026 16:46:42
  • Zuletzt bearbeitet 09.07.2026 13:17:32

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured...

  • EPSS 0.32%
  • Veröffentlicht 17.06.2026 16:36:55
  • Zuletzt bearbeitet 09.07.2026 13:17:31

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, re...

  • EPSS 0.43%
  • Veröffentlicht 17.06.2026 16:20:32
  • Zuletzt bearbeitet 25.06.2026 17:46:52

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but c...

  • EPSS 0.76%
  • Veröffentlicht 17.06.2026 16:05:38
  • Zuletzt bearbeitet 09.07.2026 13:16:47

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frame...

  • EPSS 0.87%
  • Veröffentlicht 12.03.2026 20:27:05
  • Zuletzt bearbeitet 02.07.2026 12:17:01

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically adver...

  • EPSS 0.49%
  • Veröffentlicht 12.03.2026 20:21:57
  • Zuletzt bearbeitet 02.07.2026 12:16:55

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches ...