CVE-2022-35948
CRLF Injection in Nodejs ‘undici’ via Content-Type
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r
\r
GET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2` This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround.
undici es un cliente HTTP/1.1, escrito desde cero para Node.js." versiones anteriores a undici@5.8.0 incluyéndola" los usuarios son vulnerables a una Inyección CRLF en los encabezados cuando usan entradas no saneadas como encabezados de petición, más concretamente, dentro del encabezado "content-type". Ejemplo: """ import { request } from "undici" const unsanitizedContentTypeInput = "application/json\r
\r
GET /foo2 HTTP/1.1" await request("http://localhost:3000, { method: "GET", headers: { "content-type": unsanitizedContentTypeInput }, }) """ El fragmento anterior llevará a cabo dos peticiones en una sola llamada a la API "request": 1) "http://localhost:3000/" 2) "http://localhost:3000/foo2" Este problema fue parcheado en Undici versión v5.8.1. Sanear la entrada cuando son enviados encabezados de tipo de contenido usando la entrada del usuario como mitigación.
A flaw was found in the undici package. When requesting unsanitized input on content-type headers, it is possible to inject additional requests via Carriage Return/Line Feed (CRLF).
Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-15 CVE Reserved
- 2022-08-13 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/nodejs/undici/releases/tag/v5.8.2 | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 | 2023-03-28 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-35948 | 2022-11-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2121101 | 2022-11-01 |