CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence: High
EPSS
Percentile: 15.5%
Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers.
This is patched in v5.28.3 and v6.6.1.
There are no known workarounds.
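The header handling described above, as an added illustration (not undici's own code): on a cross-origin redirect the pre-patch strip list lets Proxy-Authorization through, while the patched list removes it. The function names, the strip-list constants and the sample URLs and header values are assumptions constructed for this example.

```javascript
// Added illustration; not undici's implementation. All names are hypothetical.

// Credential headers named in the advisory, lower-cased for comparison.
const LEGACY_STRIP = new Set(['authorization']); // behaviour before the fix
const PATCHED_STRIP = new Set(['authorization', 'proxy-authorization']); // after

// Constructed sample request headers.
const SAMPLE_HEADERS = {
  Accept: 'application/json',
  Authorization: 'Bearer constructed-token',
  'Proxy-Authorization': 'Basic constructed-value',
};

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Compute the headers to send to a redirect target. `location` may be
// relative, so it is resolved against the URL that issued the redirect.
function headersForRedirect(headers, fromUrl, location, stripSet) {
  const target = new URL(location, fromUrl).href;
  const crossOrigin = !sameOrigin(fromUrl, target);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive; drop credentials only when the
    // redirect leaves the original origin.
    if (crossOrigin && stripSet.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  return { target, crossOrigin, headers: out };
}

function demo() {
  const from = 'https://api.example.test/v1/data';
  const elsewhere = 'https://other.example.test/landing';
  return {
    same: headersForRedirect(SAMPLE_HEADERS, from, '/v2/data', PATCHED_STRIP),
    legacy: headersForRedirect(SAMPLE_HEADERS, from, elsewhere, LEGACY_STRIP),
    patched: headersForRedirect(SAMPLE_HEADERS, from, elsewhere, PATCHED_STRIP),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```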
www.openwall.com/lists/oss-security/2024/03/11/1
github.com/advisories/GHSA-3787-6prv-h9w3
github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
github.com/nodejs/undici/releases/tag/v5.28.3
github.com/nodejs/undici/releases/tag/v6.6.1
github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
nvd.nist.gov/vuln/detail/CVE-2024-24758
security.netapp.com/advisory/ntap-20240419-0007