CVE-2022-35948

CWE-74CWE-938 documents7 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 62.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nodejs Undici
Timeline
PublishedAug 15
Latest updateSep 23

Description

undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

NVDnodejs/undici< 5.8.2
Debiannode-undici< 5.8.2+dfsg1+~cs18.9.18.1-1+2
CVEListV5nodejs/undici=< 5.8.0
npmundici< 5.8.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type2022-08-18
OSV
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type2022-08-18
OSV
CVE-2022-35948: undici is an HTTP/12022-08-15
CVEList
CRLF Injection in Nodejs ‘undici’ via Content-Type2022-08-13

📋Vendor Advisories

2
Red Hat
nodejs: undici vulnerable to CRLF via content headers2022-08-09
Debian
CVE-2022-35948: node-undici - undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]`...2022

💬Community

1
HackerOne
CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type2022-09-23
CVE-2022-35948 (MEDIUM CVSS 5.3) | undici is an HTTP/1.1 client | cvebase.io