Impact
It is possible to inject CRLF sequences into request headers in Undici.
const undici = require('undici')
const response = undici.request("http://127.0.0.1:1000", {
headers: {'a': "\r\nb"}
})The same applies to path and method
Patches
Update to v5.7.1
Workarounds
Sanitize all HTTP headers from untrusted sources to eliminate \r\n.
References
https://hackerone.com/reports/409943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116
For more information
If you have any questions or comments about this advisory:
Impact
It is possible to inject CRLF sequences into request headers in Undici.
The same applies to
pathandmethodPatches
Update to v5.7.1
Workarounds
Sanitize all HTTP headers from untrusted sources to eliminate
\r\n.References
https://hackerone.com/reports/409943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116
For more information
If you have any questions or comments about this advisory: