undici

Use of Insufficiently Random Values in undici

CRLF Injection in Nodejs ‘undici’ via host

undici before v5.8.0 vulnerable to CRLF injection in request headers

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Regular Expression Denial of Service in Headers

Undici vulnerable to data leak when using response.arrayBuffer()

Undici has CRLF Injection in undici via `upgrade` option

Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

ProxyAgent vulnerable to MITM

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

Undici's cookie header not cleared on cross-origin redirect in fetch

`undici.request` vulnerable to SSRF using absolute URL on `pathname`

Undici has an HTTP Request/Response Smuggling issue

undici Denial of Service attack via bad certificate data