undici is vulnerable to open redirect. The vulnerability exists due to the insufficient checks in shouldRemoveHeader
function, which results in accidental leakage of cookie headers, allowing an attacker to redirect the victim to an attacker controlled site.