Open Redirect

2022-07-2208:40:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

41.3%

JSON

undici is vulnerable to open redirect. The vulnerability exists due to the insufficient checks in shouldRemoveHeader function, which results in accidental leakage of cookie headers, allowing an attacker to redirect the victim to an attacker controlled site.

CPENameOperatorVersion
undicile5.4.0
undicile5.7.0
undicile5.4.0
undicile5.7.0

Name	Operator	Version
undici	le	5.4.0
undici	le	5.7.0
undici	le	5.4.0
undici	le	5.7.0

References

github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d

github.com/nodejs/undici/issues/872

github.com/nodejs/undici/pull/875

github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp

hackerone.com/reports/1635514

security.netapp.com/advisory/ntap-20220909-0006/

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for VERACODE:36437