undici@4.7.3 vulnerabilities
An HTTP/1.1 client, written from scratch for Node.js
- latest version: 6.21.0
- latest non vulnerable version:
- first published: 6 years ago
- latest version published: 8 days ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the undici package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Improper Authorization due to improper handling of How to fix Improper Authorization? Upgrade | <5.28.4, >=6.0.0 <6.11.1 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Improper Access Control due to the How to fix Improper Access Control? Upgrade | <5.28.4, >=6.0.0 <6.11.1 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains due to not clearing How to fix Permissive Cross-domain Policy with Untrusted Domains? Upgrade | <5.28.3, >=6.0.0 <6.6.1 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Information Exposure during the Note: This is only exploitable if the attacker can control the redirection target. How to fix Information Exposure? Upgrade | <5.26.2 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | <5.19.1 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to CRLF Injection due to missing protection for the How to fix CRLF Injection? Upgrade | >=2.0.0 <5.19.1 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to CRLF Injection when using unsanitized input as request headers (for example, inside the How to fix CRLF Injection? Upgrade | <5.8.2 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) when an application takes in unsanitized user input into the How to fix Server-side Request Forgery (SSRF)? Upgrade | <5.8.2 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Information Exposure by not clearing cookie headers upon third party redirect. Note: This is only exploitable when How to fix Information Exposure? Upgrade | <5.8.0 |
undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to CRLF Injection in How to fix CRLF Injection? Upgrade | <5.8.0 |