Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch()
, but did not clear them for undici.request()
. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "9.2.1~5.28.4+dfsg1+~cs23.12.11-2", "binary_name": "libllhttp-dev" }, { "binary_version": "9.2.1~5.28.4+dfsg1+~cs23.12.11-2", "binary_name": "libllhttp9.1" }, { "binary_version": "9.2.1~5.28.4+dfsg1+~cs23.12.11-2", "binary_name": "libllhttp9.1-dbgsym" }, { "binary_version": "9.2.1~5.28.4+dfsg1+~cs23.12.11-2", "binary_name": "node-llhttp" }, { "binary_version": "5.28.4+dfsg1+~cs23.12.11-2", "binary_name": "node-undici" } ] }