CVSS: 6.5EPSS: 3%CPEs: 11EXPL: 1CVE-2022-35256 – nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
https://notcve.org/view.php?id=CVE-2022-35256
18 Oct 2022 — The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. El analizador llhttp en el módulo http en Node v18.7.0 no maneja correctamente los campos de encabezado que no terminan con CLRF. Esto puede resultar en tráfico ilegal de solicitudes HTTP. A vulnerability was found in NodeJS due to improper validation of HTTP requests. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36046 – Unexpected server crash in Next.js version 12.2.3
https://notcve.org/view.php?id=CVE-2022-36046
31 Aug 2022 — Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across r... • https://github.com/vercel/next.js/releases/tag/v12.2.4 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35948 – CRLF Injection in Nodejs ‘undici’ via Content-Type
https://notcve.org/view.php?id=CVE-2022-35948
13 Aug 2022 — undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform... • https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35949 – `undici.request` vulnerable to SSRF using absolute URL on `pathname`
https://notcve.org/view.php?id=CVE-2022-35949
12 Aug 2022 — undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.... • https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31151 – Uncleared cookies on cross-host/cross-origin redirect in undici
https://notcve.org/view.php?id=CVE-2022-31151
20 Jul 2022 — Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. • https://github.com/nodejs/undici/issues/872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-31150 – CRLF injection in request headers
https://notcve.org/view.php?id=CVE-2022-31150
19 Jul 2022 — undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue. undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Es posible inyectar secuencias de tipo CRLF en los encabezados de las peticiones en undici en versiones anteriores a 5.7.1. • https://github.com/nodejs/undici/releases/tag/v5.8.0 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32210
https://notcve.org/view.php?id=CVE-2022-32210
14 Jul 2022 — `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server. "Undici.ProxyAgent" nunca verifica el certificado del servidor remoto, y siempre expone todos los datos de petición y respuesta al proxy. Esto significa inesperada... • https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33 • CWE-295: Improper Certificate Validation •
CVSS: 7.3EPSS: 6%CPEs: 6EXPL: 1CVE-2022-32223
https://notcve.org/view.php?id=CVE-2022-32223
14 Jul 2022 — Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.I... • https://github.com/ianyong/cve-2022-32223 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-32212 – nodejs: DNS rebinding in --inspect via invalid IP addresses
https://notcve.org/view.php?id=CVE-2022-32212
14 Jul 2022 — A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Se presenta una vulnerabilidad de inyección de comandos en el Sistema Operativo en Node.js versiones anteriores a 14.20.0, anteriores a 16.16.0, anteriores a 18.5.0, debido a una comprobación insuficiente de IsAllowedHost ... • https://hackerone.com/reports/1632921 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 89%CPEs: 15EXPL: 1CVE-2022-32213 – nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
https://notcve.org/view.php?id=CVE-2022-32213
14 Jul 2022 — The llhttp parser