If you believe you have found a security issue in the software in this repository, please consult https://github.com/nodejs/node/blob/HEAD/SECURITY.md.
Security: nodejs/undici
Security
SECURITY.md
-
Denial of Service attack via bad certificate dataGHSA-cxrh-j4jr-qwg3 published
May 15, 2025 by mcollinaLow -
Use of Insufficiently Random Values in undici fetch()GHSA-c76h-2ccp-4975 published
Jan 21, 2025 by mcollinaModerate -
Data leak when using response.arrayBuffer()GHSA-3g92-w8c5-73pq published
Jul 8, 2024 by mcollinaLow -
Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipelineGHSA-m4v8-wqvr-p9f7 published
Apr 4, 2024 by mcollinaLow -
fetch with integrity option is too lax when algorithm is specified but hash value is in incorrectGHSA-9qxr-qj54-h672 published
Apr 4, 2024 by mcollinaLow -
Proxy-Authorization header not cleared on cross-origin redirect in fetchGHSA-3787-6prv-h9w3 published
Feb 16, 2024 by mcollinaLow -
Backpressure request ignored in fetch()GHSA-9f24-jqhm-jfcw published
Feb 16, 2024 by mcollinaModerate -
Cookie header not cleared on cross-origin redirect in fetchGHSA-wqq4-5wpv-mx2g published
Oct 12, 2023 by mcollinaLow -
CRLF Injection in Nodejs ‘undici’ via hostGHSA-5r9g-qh6m-jxff published
Feb 16, 2023 by mcollinaModerate -
Regular Expression Denial of Service in HeadersGHSA-r6ch-mqf9-qc9w published
Feb 16, 2023 by mcollinaLow
Learn more about advisories related to nodejs/undici in the GitHub Advisory Database