Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-02-16T17:30:19.923Z
Updated: 2024-08-02T11:03:19.291Z
Reserved: 2023-01-30T14:43:33.703Z
Link: CVE-2023-24807
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-02-16T18:15:12.340
Modified: 2023-02-24T18:38:57.073
Link: CVE-2023-24807
Redhat