CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
nodejsundici
𝑥
< 5.19.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-undici
bookworm
5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4
fixed
bookworm (security)
5.15.0+dfsg1+~cs20.10.9.3-1+deb12u3
fixed
sid
5.28.4+dfsg1+~cs23.12.11-2
fixed
trixie
5.28.4+dfsg1+~cs23.12.11-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-undici
bionic
dne
focal
dne
jammy
dne
kinetic
ignored
lunar
ignored
mantic
not-affected
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
nodejs16
suse enterprise sap 15 SP4
16.19.1-150400.3.15.1
fixed
suse enterprise server 15 SP3
16.19.1-150300.7.18.1
fixed
suse enterprise server 15 SP4
16.19.1-150400.3.15.1
fixed
nodejs16-devel
suse enterprise sap 15 SP4
16.19.1-150400.3.15.1
fixed
suse enterprise server 15 SP3
16.19.1-150300.7.18.1
fixed
suse enterprise server 15 SP4
16.19.1-150400.3.15.1
fixed
nodejs16-docs
suse enterprise sap 15 SP4
16.19.1-150400.3.15.1
fixed
suse enterprise server 15 SP3
16.19.1-150300.7.18.1
fixed
suse enterprise server 15 SP4
16.19.1-150400.3.15.1
fixed
nodejs18
suse enterprise sap 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise sap 15 SP5
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP5
18.14.2-150400.9.6.2
fixed
nodejs18-devel
suse enterprise sap 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise sap 15 SP5
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP5
18.14.2-150400.9.6.2
fixed
nodejs18-docs
suse enterprise sap 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise sap 15 SP5
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP5
18.14.2-150400.9.6.2
fixed
npm16
suse enterprise sap 15 SP4
16.19.1-150400.3.15.1
fixed
suse enterprise server 15 SP3
16.19.1-150300.7.18.1
fixed
suse enterprise server 15 SP4
16.19.1-150400.3.15.1
fixed
npm18
suse enterprise sap 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise sap 15 SP5
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP4
18.14.2-150400.9.6.2
fixed
suse enterprise server 15 SP5
18.14.2-150400.9.6.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
nodejs
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-docs
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-full-i18n
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-libs
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-nodemon
RHEL 9
0:2.0.20-3.el9_2
fixed
npm
RHEL 9
1:8.19.3-1.16.19.1.1.el9_2
fixed
Common Weakness Enumeration
References
https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
https://github.com/nodejs/undici/releases/tag/v5.19.1
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
https://hackerone.com/bugs?report_id=1784449
https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
https://github.com/nodejs/undici/releases/tag/v5.19.1
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
https://hackerone.com/bugs?report_id=1784449
https://security.netapp.com/advisory/ntap-20230324-0010/