漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CRLF Injection in Nodejs ‘undici’ via host
Vulnerability Description
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
undici 注入漏洞
Vulnerability Description
undici是一个HTTP/1.1客户端。 undici 2.0.0版本至5.19.1之前版本存在安全漏洞,该漏洞源于容易受到CRLF注入漏洞的影响。
CVSS Information
N/A
Vulnerability Type
N/A