Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication
headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
{ "binaries": [ { "binary_name": "libllhttp-dev", "binary_version": "9.2.1~7.3.0+dfsg1+~cs24.12.11-1" }, { "binary_name": "libllhttp9.2", "binary_version": "9.2.1~7.3.0+dfsg1+~cs24.12.11-1" }, { "binary_name": "node-llhttp", "binary_version": "9.2.1~7.3.0+dfsg1+~cs24.12.11-1" }, { "binary_name": "node-undici", "binary_version": "7.3.0+dfsg1+~cs24.12.11-1" } ] }