Description
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 14 | | >=0 <5.28.4+dfsg1+~cs23.12.11-1 | 5.28.4+dfsg1+~cs23.12.11-1 |
debian 12 | | =5.15.0+dfsg1+~cs20.10.9.3-1 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u3 || =5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4 || =5.19.1+dfsg1+~cs20.10.9.5-1 || =5.19.1+dfsg1+~cs20.10.9.5-2 || =5.22.1+dfsg1+~cs20.10.10.2-1 || =5.26.3+dfsg1+~cs23.10.12-1 || =5.26.3+dfsg1+~cs23.10.12-2 || =5.26.3+dfsg1+~cs23.10.12-3 || =5.28.0+dfsg1+~cs23.11.12.3-1 || =5.28.0+dfsg1+~cs23.11.12.3-2 || =5.28.2+dfsg1+~cs23.11.12.3-1 || =5.28.2+dfsg1+~cs23.11.12.3-2 || =5.28.2+dfsg1+~cs23.11.12.3-3 || =5.28.2+dfsg1+~cs23.11.12.3-4 || =5.28.2+dfsg1+~cs23.11.12.3-5 || =5.28.2+dfsg1+~cs23.11.12.3-6 || =5.28.4+dfsg1+~cs23.12.11-1 || =5.28.4+dfsg1+~cs23.12.11-2 || =7.1.0+dfsg1+~cs24.12.10-1 || =7.15.0+dfsg+~cs3.2.0-1 || =7.15.0+dfsg+~cs3.2.0-3 || =7.16.0+dfsg+~cs3.2.0-1 || =7.16.0+dfsg+~cs3.2.0-2 || =7.18.2+dfsg+~cs3.2.0-1 || =7.2.3+dfsg1+~cs24.12.11-1 || =7.2.3+dfsg1+~cs24.12.11-2 || =7.24.5+dfsg+~cs3.2.0-1 || =7.24.6+dfsg+~cs3.2.0-1 || =7.24.6+dfsg+~cs3.2.0-2 || =7.3.0+dfsg1+~cs24.12.11-1 || =7.3.0+dfsg1+~cs24.12.11-2 | - |
debian 13 | | >=0 <5.28.4+dfsg1+~cs23.12.11-1 | 5.28.4+dfsg1+~cs23.12.11-1 |
 npm | | >=0 <5.28.3 || >=6.0.0 <6.6.1 | 5.28.3, 6.6.1 |
