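Vulnerability Title
Undici is vulnerable to Regular Expression Denial of Service (ReDoS) in headers.
Vulnerability Description
Undici is vulnerable to a Regular Expression Denial of Service attack in headers
CVSS Information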
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Category
N/A
Vulnerability Title
Undici vulnerable to Regular Expression Denial of Service in Headers
Vulnerability Description
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
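Vulnerability Category
Improper Input Validation
Vulnerability Title
undici security vulnerability
Vulnerability Description
undici is an HTTP/1.1 client. Versions of undici prior to 5.19.1 contain a security vulnerability: the library is susceptible to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed to the functions.
CVSS Information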
N/A
Vulnerability Category
Other