Lucene search
Veracode Vulnerability DatabaseVERACODE:36715HistoryAug 15, 2022 - 10:21 a.m.
Server-Side Request Forgery (SSRF)
2022-08-1510:21:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
53
undici
ssrf
vulnerability
path parameter
remote attackers
0.002 Low
EPSS
Percentile
61.0%
undici is vulnerable to server-side request forgery. The library assumes that the hostname won’t change, when in actuality it can change because the specified path parameter is combined with the base URL, allowing remote attackers to cause SSRF attacks via sending a crafted request through the path parameter of undici.request.
Related
cve
cve
CVE-2022-35949
2022-08-12 23:15:07
ubuntucve
ubuntucve
CVE-2022-35949
2022-08-12 00:00:00
cvelist
cvelist
hackerone
hackerone
debiancve
debiancve
CVE-2022-35949
2022-08-12 23:15:07
osv
osv
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
2022-08-18 18:59:46
CVE-2022-35949
2022-08-12 23:15:07
redhatcve
redhatcve
CVE-2022-35949
2022-08-24 11:39:42
nvd
nvd
CVE-2022-35949
2022-08-12 23:15:07
prion
prion
Server side request forgery (ssrf)
2022-08-12 23:15:00
github
github
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
2022-08-18 18:59:46
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3251-1)
2022-09-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3196-1)
2022-09-09 00:00:00
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3251-1)
2022-09-13 00:00:00
suse
suse
Security update for nodejs16 (moderate)
2022-09-12 00:00:00
Security update for nodejs16 (moderate)
2022-09-12 00:00:00
nessus
nessus
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)
2022-09-09 00:00:00
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3250-1)
2022-09-13 00:00:00
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)
2022-09-13 00:00:00
redhat
redhat
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00