undici
26 known vulnerabilities · 0 critical · 1 high
undici before v5.8.0 vulnerable to CRLF injection in request headers
Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
Undici vulnerable to data leak when using response.arrayBuffer()
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding that leads to resource exhaustion
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Undici's cookie header not cleared on cross-origin redirect in fetch
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
undici WebSocket client vulnerable to denial of service via fragment count bypass