If you believe you have found a security issue in the software in this repository, please consult https://github.com/nodejs/node/blob/HEAD/SECURITY.md.
Security: nodejs/undici
Security
SECURITY.md
-
Data leak when using response.arrayBuffer()GHSA-3g92-w8c5-73pq published
Jul 8, 2024 by mcollinaLow -
Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipelineGHSA-m4v8-wqvr-p9f7 published
Apr 4, 2024 by mcollinaLow -
fetch with integrity option is too lax when algorithm is specified but hash value is in incorrectGHSA-9qxr-qj54-h672 published
Apr 4, 2024 by mcollinaLow -
Proxy-Authorization header not cleared on cross-origin redirect in fetchGHSA-3787-6prv-h9w3 published
Feb 16, 2024 by mcollinaLow -
Backpressure request ignored in fetch()GHSA-9f24-jqhm-jfcw published
Feb 16, 2024 by mcollinaModerate -
Cookie header not cleared on cross-origin redirect in fetchGHSA-wqq4-5wpv-mx2g published
Oct 12, 2023 by mcollinaLow -
CRLF Injection in Nodejs ‘undici’ via hostGHSA-5r9g-qh6m-jxff published
Feb 16, 2023 by mcollinaModerate -
Regular Expression Denial of Service in HeadersGHSA-r6ch-mqf9-qc9w published
Feb 16, 2023 by mcollinaLow -
CRLF Injection in Nodejs ‘undici’ via Content-TypeGHSA-f772-66g8-q5h3 published
Aug 9, 2022 by mcollinaModerate -
`undici.request` vulnerable to SSRF using absolute URL on `pathname`GHSA-8qr4-xgw6-wmr3 published
Aug 9, 2022 by mcollinaModerate
Learn more about advisories related to nodejs/undici in the GitHub Advisory Database