漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Undici vulnerable to Regular Expression Denial of Service in Headers
Vulnerability Description
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
undici 安全漏洞
Vulnerability Description
undici是一个HTTP/1.1客户端。 undici 5.19.1之前版本存在安全漏洞,该漏洞源于当将不受信任的值传递给函数时容易受到正则表达式拒绝服务(ReDoS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A