CVE-2023-23936

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-23936

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23936.json

Aliases

Related

Published

2023-02-16T18:15:10Z

Modified

2023-12-06T01:02:51.700182Z

Details

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to undici.

References

Affected packages

Alpine:v3.15 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

16.19.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r1

16.13.1-r1

16.13.2-r1

16.14.0-r1

16.14.2-r1

16.16.0-r1

16.17.1-r1

Alpine:v3.16 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

16.19.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r1

16.17.1-r1

Alpine:v3.17 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

18.14.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

16.16.0-r1

16.17.0-r0

16.17.1-r0

16.18.0-r0

16.18.0-r1

18.*

18.12.0-r1

18.12.1-r1

Alpine:v3.18 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

18.14.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

16.16.0-r1

16.17.0-r0

16.17.1-r0

16.18.0-r0

16.18.0-r1

18.*

18.12.0-r0

18.12.1-r0

18.13.0-r0

18.14.0-r0

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

7c89c4c7acdaa2035ec42195ade689419209c2fd

Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Introduced

7162e686b18d22b4385fa5c04274fb04dbd810c7

Introduced

cc993fb2760d01457955f5b9ff787d559ed1c34e

Fixed

a9d1e5059f9cc63cafc8e786a7b6332aa7ab3b2b

Type: GIT
Repo: https://github.com/nodejs/undici
Events: Fixed

a2eff05401358f6595138df963837c24348f2034

Introduced

6e91fbf0a1475d2385abcf20b58e1d21f527c0a3

Affected versions

v19.*

v19.0.0

v19.0.1

v19.1.0

v19.2.0

v19.3.0

v19.4.0

v19.5.0

v19.6.0

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.4.0

v2.5.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.3.1

v4.*

v4.0.0

v4.0.0-alpha.0

v4.0.0-alpha.1

v4.0.0-alpha.2

v4.0.0-alpha.4

v4.0.0-alpha.5

v4.0.0-rc.1

v4.0.0-rc.2

v4.0.0-rc.3

v4.0.0-rc.4

v4.0.0-rc.5

v4.0.0-rc.7

v4.0.0-rc.8

v4.1.0

v4.1.1

v4.10.0

v4.10.1

v4.10.2

v4.10.3

v4.10.4

v4.11.0

v4.11.1

v4.11.2

v4.11.3

v4.12.0

v4.12.2

v4.13.0

v4.14.0

v4.14.1

v4.15.0

v4.15.1

v4.16.0

v4.2.1

v4.2.2

v4.3.0

v4.3.1

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.5.0

v4.5.1

v4.6.0

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.8.0

v4.8.1

v4.8.2

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v5.*

v5.0.0

v5.1.0

v5.1.1

v5.10.0

v5.11.0

v5.12.0

v5.13.0

v5.14.0

v5.15.0

v5.15.1

v5.15.2

v5.16.0

v5.17.0

v5.17.1

v5.18.0

v5.19.0

v5.2.0

v5.3.0

v5.4.0

v5.5.0

v5.5.1

v5.6.0

v5.6.1

v5.7.0

v5.8.0

v5.8.1

v5.8.2

v5.9.1