Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Undici's cookie header not cleared on cross-origin redirect in fetch
Vulnerability Description
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
信息暴露
Vulnerability Title
undici 信息泄露漏洞
Vulnerability Description
undici是一个HTTP/1.1客户端。 Undici 存在信息泄露漏洞,该漏洞源于没有清除Cookie标头,可能会导致 cookie 意外泄漏到第三方站点,或者导致可以控制重定向目标(即开放重定向器)以将 cookie 泄漏到第三方站点的恶意攻击者。
CVSS Information
N/A
Vulnerability Type
N/A