Control: tag -1 confirmed
On Wed, May 31, 2023 at 04:00:47PM +0400, Yadd wrote:
> [ Reason ]
> node-undici is vulnerable to:
> * CVE-2023-23936: "Host" HTTP header isn't protected against CLRF injection
> * CVE-2023-24807: Regex Denial of Service on headers set/append
Please update the
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: node-und...@packages.debian.org
Control: affects -1 + src:node-undici
[ Reason ]
node-undici is vulnerable to:
* CVE-2023-23936: "Host" HTTP header isn't protected
2 matches
Mail list logo