Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-24807

Опубликовано: 16 фев. 2023
Источник: debian

Описание

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
node-undicifixed5.19.1+dfsg1+~cs20.10.9.5-1package
node-undicifixed5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1bookwormpackage

Примечания

  • https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w

  • https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf (v5.19.1)

Связанные уязвимости

ubuntu логотип

CVE-2023-24807

CVSS3: 7.5
ubuntu
почти 3 года назад

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

redhat логотип

CVE-2023-24807

CVSS3: 7.5
redhat
почти 3 года назад

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

nvd логотип

CVE-2023-24807

CVSS3: 7.5
nvd
почти 3 года назад

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

msrc логотип

CVE-2023-24807

CVSS3: 7.5
msrc
почти 3 года назад

Описание отсутствует

github логотип

GHSA-r6ch-mqf9-qc9w

CVSS3: 7.5
github
почти 3 года назад

Regular Expression Denial of Service in Headers