Page 8 of 168 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. Next.js es un framework de React que puede proporcionar bloques de construcción para crear aplicaciones web. Todo lo siguiente debe ser cierto para estar afectado por esta CVE: Next.js versión 12.2.3, Node.js versiones superiores a v15.0.0, siendo usado con la salida estricta "unhandledRejection" Y usando next start o un [servidor personalizado](https://nextjs.org/docs/advanced-features/custom-server). • https://github.com/vercel/next.js/releases/tag/v12.2.4 https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2` This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround. undici es un cliente HTTP/1.1, escrito desde cero para Node.js." versiones anteriores a undici@5.8.0 incluyéndola" los usuarios son vulnerables a una Inyección CRLF en los encabezados cuando usan entradas no saneadas como encabezados de petición, más concretamente, dentro del encabezado "content-type". Ejemplo: """ import { request } from "undici" const unsanitizedContentTypeInput = "application/json\r\n\r\nGET /foo2 HTTP/1.1" await request("http://localhost:3000, { method: "GET", headers: { "content-type": unsanitizedContentTypeInput }, }) """ El fragmento anterior llevará a cabo dos peticiones en una sola llamada a la API "request": 1) "http://localhost:3000/" 2) "http://localhost:3000/foo2" Este problema fue parcheado en Undici versión v5.8.1. Sanear la entrada cuando son enviados encabezados de tipo de contenido usando la entrada del usuario como mitigación. • https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 https://github.com/nodejs/undici/releases/tag/v5.8.2 https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3 https://access.redhat.com/security/cve/CVE-2022-35948 https://bugzilla.redhat.com/show_bug.cgi?id=2121101 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. • https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 https://github.com/nodejs/undici/releases/tag/v5.8.2 https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 https://access.redhat.com/security/cve/CVE-2022-35949 https://bugzilla.redhat.com/show_bug.cgi?id=2121068 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. • https://github.com/nodejs/undici/issues/872 https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp https://hackerone.com/reports/1635514 https://security.netapp.com/advisory/ntap-20220909-0006 https://access.redhat.com/security/cve/CVE-2022-31151 https://bugzilla.redhat.com/show_bug.cgi?id=2121396 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue. undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Es posible inyectar secuencias de tipo CRLF en los encabezados de las peticiones en undici en versiones anteriores a 5.7.1. • https://github.com/nodejs/undici/releases/tag/v5.8.0 https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc https://hackerone.com/reports/409943 https://security.netapp.com/advisory/ntap-20220915-0002 https://access.redhat.com/security/cve/CVE-2022-31150 https://bugzilla.redhat.com/show_bug.cgi?id=2109354 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •