CVE-2022-31151
LOWundici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
Title source: llmDescription
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/nodejs/undici/issues/872
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1635514
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220909-0006/
Scores
CVSS v3
3.7
EPSS
0.0012
EPSS Percentile
30.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-346
CWE-601
Status
published
Products (2)
nodejs/undici
< 5.7.1
npm/undici
0 - 5.8.0npm
Published
Jul 21, 2022
Tracked Since
Feb 18, 2026