Lucene search

[email protected]CVE-2022-31151

HistoryJul 21, 2022 - 4:15 a.m.

CVE-2022-31151

2022-07-2104:15:12

CWE-346

CWE-601

[email protected]

web.nvd.nist.gov

cve-2022-31151

authorization headers

cross-origin redirect

cookie headers

sensitive headers

undici

leakage

open redirector

patch

vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. maxRedirections: 0 (the default).

Affected configurations

Vulners

NVD

Node

nodejsundiciRange<5.7.1

VendorProductVersionCPE
nodejsundici*cpe:2.3:a:nodejs:undici:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nodejs	undici	*	cpe:2.3:a:nodejs:undici::::::::

CNA Affected

[
  {
    "product": "undici",
    "vendor": "nodejs",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.7.1"
      }
    ]
  }
]