CVE-2022-35949

Severity
9.8 CRITICAL
EPSS
0.4%
top 39.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 12
Latest update Sep 23

Description

undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1`:

```js
const undici = require("undici")
undici.request({origin: "http://example.com", pathname: "//127.0.0.1"})
```

Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/h
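As an added example (not code from undici or from this advisory), the following guard resolves the user-supplied `pathname` value against the intended origin using Node's built-in WHATWG `URL` parser and refuses any input that would move the request to another origin; `resolveSafePath` and `classify` are assumed names, and the sample inputs are constructed.

```javascript
// Added example, not code from undici or from this advisory.
// Guard for the SSRF pattern above: the untrusted value meant for the
// `pathname` option is resolved against the intended origin with Node's
// built-in WHATWG URL parser, and anything that would move the request to
// another origin (absolute URL, protocol-relative "//host", or the
// backslash variants the parser normalises to "/") is refused.

// Returns the safe "path + query" to send, or null when the input must be rejected.
function resolveSafePath(origin, untrustedPath) {
  const base = new URL(origin);
  let resolved;
  try {
    resolved = new URL(untrustedPath, base);
  } catch {
    return null; // not parsable as a URL relative to the origin
  }
  if (resolved.origin !== base.origin) {
    return null; // scheme, host or port changed: this is the SSRF case
  }
  // Hand back only the path and query; the caller supplies its own origin.
  return resolved.pathname + resolved.search;
}

// Convenience classifier used by the demo below.
function classify(origin, untrustedPath) {
  return resolveSafePath(origin, untrustedPath) === null ? "reject" : "allow";
}

// Constructed sample inputs, including the two forms named in the advisory.
const demoOrigin = "http://example.com";
const demoSamples = [
  "/api/users?id=1",               // ordinary path: allow
  "//127.0.0.1",                   // protocol-relative URL: reject
  "http://127.0.0.1",              // absolute URL: reject
  "/\\127.0.0.1",                  // backslash is treated as "/" by the parser: reject
  "http://example.com@127.0.0.1/", // userinfo form, real host is 127.0.0.1: reject
];
for (const s of demoSamples) {
  console.log(classify(demoOrigin, s), JSON.stringify(s), "->", resolveSafePath(demoOrigin, s));
}
```

Because the check keys on the resolved origin rather than on the first characters of the string, a same-origin absolute URL is allowed and reduced to its path, while every cross-origin form is rejected regardless of spelling.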

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

| Source | Package | Affected versions |
| --- | --- | --- |
| Debian | node-undici | < 5.8.2+dfsg1+~cs18.9.18.1-1+2 |
| CVEListV5 | nodejs/undici | 5.8.1 |
| NVD | nodejs/undici | 5.8.1 |
| npm | undici | < 5.8.2 |

Patches

🔴 Vulnerability Details (4)

- OSV: `undici.request` vulnerable to SSRF using absolute URL on `pathname` (2022-08-18)
- GHSA: `undici.request` vulnerable to SSRF using absolute URL on `pathname` (2022-08-18)
- OSV: CVE-2022-35949: undici is an HTTP/1 (2022-08-12)
- CVEList: `undici.request` vulnerable to SSRF using absolute URL on `pathname` (2022-08-12)

📋 Vendor Advisories (2)

- Red Hat: nodejs: undici.request vulnerable to SSRF (2022-08-09)
- Debian: CVE-2022-35949: node-undici - undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulne... (2022)

💬 Community (1)

- HackerOne: [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname (2022-09-23)
CVE-2022-35949 (CRITICAL CVSS 9.8) | undici is an HTTP/1.1 client | cvebase.io