VYPR

npm package

undici

pkg:npm/undici

Vulnerabilities (22)

  • CVE-2022-31150Jul 19, 2022
    affected < 5.8.0fixed 5.8.0

    undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a wor

  • CVE-2022-32210Jul 14, 2022
    affected >= 4.8.2, < 5.5.1fixed 5.5.1

    `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are ac

Page 2 of 2