Impact
Users of undici <= 5.8.0 are vulnerable to CRLF injection in request headers when unsanitized input is used as a header value, more specifically inside the content-type header.
Example:
import { request } from 'undici'

// The CRLF CRLF sequence ends the header block; what follows is sent as a second request.
const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1'

await request('http://localhost:3000', {
  method: 'GET',
  headers: {
    'content-type': unsanitizedContentTypeInput
  },
})
The above snippet will perform two requests in a single request API call:
http://localhost:3000/
http://localhost:3000/foo2
Patches
This issue was patched in Undici v5.8.1
Workarounds
Sanitize input when sending content-type headers using user input.
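One way to apply this workaround, as an added example that is not part of the advisory or undici's own code: reject any header value containing CR, LF or other control characters, and hold content-type to a media-type allowlist. All function names are hypothetical.

```javascript
// Added example, not undici's code. All function names here are hypothetical.

// Allowed in a field value: HTAB, SP, visible ASCII, obs-text (0x80-0xFF).
// Everything else is rejected, including CR (0x0d), LF (0x0a), NUL, DEL and
// code units above 0xFF.
const FORBIDDEN_IN_VALUE = /[^\t\x20-\x7e\x80-\xff]/

// HTTP "token" characters, used for header names and media-type parts.
const TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+"
const HEADER_NAME = new RegExp(`^${TOKEN}$`)
// type "/" subtype, then optional ;name=value parameters.
const MEDIA_TYPE = new RegExp(
  `^${TOKEN}/${TOKEN}(?:[ \\t]*;[ \\t]*${TOKEN}=(?:${TOKEN}|"[^"\\\\]*"))*$`
)

function assertHeaderValue (name, value) {
  const text = String(value)
  const hit = FORBIDDEN_IN_VALUE.exec(text)
  if (hit) {
    const hex = hit[0].charCodeAt(0).toString(16).padStart(2, '0')
    throw new TypeError(`header "${name}": forbidden 0x${hex} at index ${hit.index}`)
  }
  return text
}

// Stricter allowlist for content-type, the header named in the advisory.
function safeContentType (value) {
  const text = assertHeaderValue('content-type', value).trim()
  if (!MEDIA_TYPE.test(text)) {
    throw new TypeError('header "content-type": not a valid media type')
  }
  return text
}

// Validate a whole headers object before handing it to request().
function safeHeaders (untrusted) {
  const out = {}
  for (const [name, value] of Object.entries(untrusted)) {
    const key = name.toLowerCase()
    if (!HEADER_NAME.test(key)) throw new TypeError('invalid header name')
    out[key] = key === 'content-type'
      ? safeContentType(value)
      : assertHeaderValue(key, value)
  }
  return out
}
```

Pass the returned object as the `headers` option; a thrown TypeError means the input is refused rather than repaired.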
For more information
If you have any questions or comments about this advisory:
References