pkg:Debian/node-undici

All known vulnerabilities

• HIGH7.7CVE-2022-32210ProxyAgent vulnerable to MITM
  from 0, < 5.6.1+dfsg1+~cs18.9.16-1
• HIGH7.5CVE-2026-1526Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
  from 0
• HIGH7.5CVE-2026-2229Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
  from 0
• HIGH7.5Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
  from 0
• HIGH7.5Regular Expression Denial of Service in Headers
  from 0, < 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
• MEDIUM6.8Use of Insufficiently Random Values in undici
  from 0
• MEDIUM6.5Undici has an HTTP Request/Response Smuggling issue
  from 0
• MEDIUM6.5A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
  from 0
• MEDIUM5.9Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
  from 0
• MEDIUM5.9Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
  from 0
• MEDIUM5.3Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
  from 0, < 5.8.2+dfsg1+~cs18.9.18.1-1
• MEDIUM5.3`undici.request` vulnerable to SSRF using absolute URL on `pathname`
  from 0, < 5.8.2+dfsg1+~cs18.9.18.1-1
• MEDIUM5.3undici before v5.8.0 vulnerable to CRLF injection in request headers
  from 0, < 5.8.0+dfsg1+~cs18.9.16-1
• MEDIUM4.6Undici has CRLF Injection in undici via `upgrade` option
  from 0
• MEDIUM4.6CRLF Injection in Nodejs ‘undici’ via host
  from 0, < 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
• LOW3.9Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
  from 0
• LOW3.9Undici proxy-authorization header not cleared on cross-origin redirect in fetch
  from 0
• LOW3.9Undici's cookie header not cleared on cross-origin redirect in fetch
  from 0, < 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2
• LOW3.7undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
  from 0, < 5.8.0+dfsg1+~cs18.9.16-1
• LOW3.1undici Denial of Service attack via bad certificate data
  from 0
• LOW2.6Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
  from 0