Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication
headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
{ "binaries": [ { "binary_version": "9.2.1~7.3.0+dfsg1+~cs24.12.11-1", "binary_name": "libllhttp-dev" }, { "binary_version": "9.2.1~7.3.0+dfsg1+~cs24.12.11-1", "binary_name": "libllhttp9.2" }, { "binary_version": "9.2.1~7.3.0+dfsg1+~cs24.12.11-1", "binary_name": "node-llhttp" }, { "binary_version": "7.3.0+dfsg1+~cs24.12.11-1", "binary_name": "node-undici" } ] }