CVE-2023-45143 - Cookie Leakage via Cross-Origin Redirects in Node.js Undici HTTP Client
Undici is a popular HTTP/1.1 client, built from scratch for Node.js, often praised for its speed and spec compliance. But in late
CVE-2023-23918 - Node.js Permissions Bypass Exploit – What You Need to Know
If you’re a developer or sysadmin using Node.js, you need to be aware of CVE-2023-23918, a critical privilege escalation vulnerability that affects several
CVE-2023-23919 - How a Small Cryptographic Mistake in Node.js Could Crash Your App
Summary
Node.js, one of the internet’s most widely-used runtimes for building server-side apps, quietly patched a cryptographic vulnerability in early 2023—one that
CVE-2023-23936 - CRLF Injection in Node.js Undici – Full Guide, Exploit Details, and Fix
Undici is a popular HTTP/1.1 client for Node.js that’s known for being *fast* and *lightweight*. But in early 2023, a critical
CVE-2023-24807 - Undici HTTP Client Regex Dangers — Understanding and Exploiting the ReDoS Vulnerability
Undici is a widely-used HTTP/1.1 client for Node.js. In early 2023, a high-profile vulnerability was discovered in its Headers.set() and Headers.