Vulnerability Description
When undici follows a redirect to a different origin it clears the Authorization header, but the Cookie header, which is just as sensitive and is a standard header defined in the spec, is left in place. Since undici users do set Cookie headers, a request that gets redirected cross-origin sends the cookie to the third-party site. An attacker who controls the redirect target (for example through an open redirector on the original site) can use this to leak the cookie to a host they control. This was patched in v5.7.1. With the default configuration the issue is not reachable: undici only follows redirects when `maxRedirections` is set above 0, so leaving it at `maxRedirections: 0` (the default) avoids the leak.
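The behaviour described above, as an added example that is not undici's own code: a small model of a redirect-following client with a `maxRedirections` option, run in two modes, `vulnerable` (only Authorization is dropped on a cross-origin hop, as before 5.7.1) and `fixed` (Cookie is dropped too). The hostnames, the in-memory server map and all function names are constructed for this illustration; the `fixed` list only models the headers this CVE is about and is not a claim about the exact set the real patch strips.

```javascript
// Constructed "network": URL -> response. app.example hosts an open
// redirector that bounces to a third-party origin, plus a same-origin
// redirect for comparison. No real requests are made.
const FAKE_SERVERS = {
  'https://app.example/go?next=https://evil.example/collect':
    { status: 302, headers: { location: 'https://evil.example/collect' } },
  'https://app.example/go-local':
    { status: 302, headers: { location: '/ok' } },
  'https://app.example/ok': { status: 200, headers: {} },
  'https://evil.example/collect': { status: 200, headers: {} },
};

// Headers that must not be forwarded to a different origin.
// vulnerable: pre-5.7.1 behaviour, only authorization is dropped.
// fixed: cookie is dropped as well (assumed minimal fix for this CVE).
const SENSITIVE_HEADERS = {
  vulnerable: ['authorization'],
  fixed: ['authorization', 'cookie'],
};

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Headers to send on the redirected request: unchanged for a same-origin
// hop, filtered through SENSITIVE_HEADERS[mode] for a cross-origin hop.
function headersForRedirect(headers, fromUrl, toUrl, mode) {
  if (sameOrigin(fromUrl, toUrl)) return { ...headers };
  const drop = SENSITIVE_HEADERS[mode];
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!drop.includes(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Follow redirects up to maxRedirections (0 = return the 3xx as-is, like
// undici's default). Returns the final status and every { url, headers }
// pair that was "sent", so the caller can see what each origin received.
function request(url, headers, { maxRedirections = 0, mode = 'fixed' } = {}) {
  const sent = [];
  let current = url;
  let currentHeaders = { ...headers };
  let hops = 0;
  for (;;) {
    sent.push({ url: current, headers: { ...currentHeaders } });
    const res = FAKE_SERVERS[current];
    if (!res) throw new Error(`no fake server for ${current}`);
    const isRedirect = res.status >= 300 && res.status < 400 && res.headers.location;
    if (!isRedirect || hops >= maxRedirections) return { status: res.status, sent };
    const next = new URL(res.headers.location, current).href;
    currentHeaders = headersForRedirect(currentHeaders, current, next, mode);
    current = next;
    hops += 1;
  }
}

// Origins (in order) that received a Cookie header during the exchange.
function originsThatGotCookie(sent) {
  return sent
    .filter(s => Object.keys(s.headers).some(h => h.toLowerCase() === 'cookie'))
    .map(s => new URL(s.url).origin);
}

// Demo: same request, three configurations.
const OPEN_REDIRECT = 'https://app.example/go?next=https://evil.example/collect';
const REQ_HEADERS = { cookie: 'session=abc', authorization: 'Bearer t', accept: '*/*' };
for (const opts of [
  { maxRedirections: 0 },
  { maxRedirections: 1, mode: 'vulnerable' },
  { maxRedirections: 1, mode: 'fixed' },
]) {
  const r = request(OPEN_REDIRECT, REQ_HEADERS, opts);
  console.log(JSON.stringify(opts), 'status', r.status,
    'cookie reached:', originsThatGotCookie(r.sent).join(', '));
}
```

With `maxRedirections: 0` the client never leaves app.example and simply hands back the 302; with redirects enabled and the old filtering the cookie reaches evil.example; with the fixed filtering it stays on the first origin while non-sensitive headers such as `accept` still follow the redirect, and a same-origin hop keeps the cookie as it should.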
CVSS Score
3.7 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nodejs | Undici | < 5.7.1 |
Related Weaknesses (CWE)
References
- https://github.com/nodejs/undici/issues/872 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp (Third Party Advisory)
- https://hackerone.com/reports/1635514 (Permissions Required, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20220909-0006/ (Third Party Advisory)
FAQ
What is CVE-2022-31151?
CVE-2022-31151 is a vulnerability in the Node.js undici HTTP client with a CVSS base score of 3.7 (LOW). When undici follows a cross-origin redirect it clears the Authorization header but leaves the Cookie header in place, so a redirect to a third-party host (for example through an open redirector controlled by an attacker) sends the cookie to that host. It only applies when redirect following is enabled (`maxRedirections` greater than 0); the default is 0.
How severe is CVE-2022-31151?
CVE-2022-31151 has been rated LOW with a CVSS base score of 3.7/10. Only the base score is listed on this page; no per-metric vector is given. The low rating reflects that the default configuration (`maxRedirections: 0`) is not affected and that an attacker needs a redirect target under their control.
Is there a patch for CVE-2022-31151?
Yes. The fix shipped in undici v5.7.1, so upgrade to 5.7.1 or later. Until then, leave redirect following disabled (`maxRedirections: 0`, the default) so that a Cookie header is never forwarded to another origin. The GitHub advisory (GHSA-q768-x9m6-m9qp) and the other references above carry the vendor details. Affected products: Nodejs Undici (versions before 5.7.1).