Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2022-31150
- EPSS 0.51%
- Veröffentlicht 19.07.2022 21:15:15
- Zuletzt bearbeitet 21.11.2024 07:04:00
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted source...
6.5
CVE-2022-32210
- EPSS 0.13%
- Veröffentlicht 14.07.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 07:05:55
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that n...