Vulnerability Information
Vulnerability Title
Undici vulnerable to Regular Expression Denial of Service in Headers
Vulnerability Description
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
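One way to normalize header values without a regular expression, as an added example (not undici's code and not part of the advisory): leading and trailing HTTP whitespace is removed with two index scans, so the cost stays linear in the value length. The names `isHttpWhitespace`, `normalizeHeaderValue` and `timeNormalize` are hypothetical, and the whitespace set (TAB, LF, CR, SPACE) is assumed from the Fetch standard rather than taken from this page.

```javascript
// Added example: linear-time removal of leading/trailing HTTP whitespace.
// Not undici's implementation; all function names are hypothetical.

// Assumption: HTTP whitespace as defined by the Fetch standard
// (TAB 0x09, LF 0x0A, CR 0x0D, SPACE 0x20).
function isHttpWhitespace(code) {
  return code === 0x09 || code === 0x0a || code === 0x0d || code === 0x20;
}

// Two index scans: each character is inspected at most once and no regex
// engine is involved, so there is no backtracking cost that depends on
// where whitespace runs sit inside the value.
function normalizeHeaderValue(value) {
  const s = String(value);
  let start = 0;
  let end = s.length;
  while (start < end && isHttpWhitespace(s.charCodeAt(start))) start++;
  while (end > start && isHttpWhitespace(s.charCodeAt(end - 1))) end--;
  return s.slice(start, end);
}

// Regression check for a test suite: normalize a constructed value with
// long whitespace runs at both edges and in the interior, and report the
// elapsed time so a threshold can be asserted on it.
function timeNormalize(runLength) {
  const pad = ' \t'.repeat(runLength);
  const input = pad + 'a' + pad + 'b' + pad; // constructed sample value
  const t0 = process.hrtime.bigint();
  const out = normalizeHeaderValue(input);
  const elapsedMs = Number(process.hrtime.bigint() - t0) / 1e6;
  return { out, elapsedMs, expected: 'a' + pad + 'b' };
}
```

Interior whitespace is preserved; only the edges are trimmed, which keeps the timing check meaningful for values that contain long whitespace runs away from the ends.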
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Improper Input Validation
Vulnerability Title
undici Security Vulnerability
Vulnerability Description
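undici is an HTTP/1.1 client. Versions of undici prior to 5.19.1 contain a security vulnerability that stems from susceptibility to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed to the functions.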
CVSS Information
N/A
Vulnerability Type
N/A