Уязвимость метода undici.request клиента HTTP/1.1 Undici программной платформы Node.js, позволяющая нарушителю внедрить произвольные HTTP-заголовки

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ...

CRLF Injection in Nodejs ‘undici’ via host

Security update for nodejs18

Security update for nodejs18

Security update for nodejs16

Security update for nodejs16

Security update for nodejs16

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

ELSA-2023-2655: nodejs and nodejs-nodemon security, bug fix, and enhancement update (MODERATE)

ELSA-2023-1583: nodejs:18 security, bug fix, and enhancement update (MODERATE)

ELSA-2023-2654: nodejs:18 security, bug fix, and enhancement update (MODERATE)

ELSA-2023-1582: nodejs:16 security, bug fix, and enhancement update (MODERATE)