CVE-2022-32210

Опубликовано: 14 июл. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 6.5

Описание

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra/focal	DNE
focal	DNE
impish	DNE
jammy	DNE
trusty	DNE
upstream	released	5.6.1+dfsg1+~cs18.9.16-1
xenial	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%

0.00134

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-32210

CVSS3: 6.5

nvd

больше 3 лет назад

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

CVE-2022-32210

CVSS3: 6.5

debian

больше 3 лет назад

`Undici.ProxyAgent` never verifies the remote server's certificate, an ...

GHSA-pgw7-wx7w-2w33

CVSS3: 7.7

github

больше 3 лет назад

ProxyAgent vulnerable to MITM

EPSS

Процентиль: 33%

0.00134

Низкий

6.5 Medium

CVSS3

CVE-2022-32210

Описание

Пакет node-undici

Ссылки на источники

Связанные уязвимости