[21] Undici proxy-authorization header not cleared on cross-origin redirect in fetch #441

Open
opened 2024-06-24 18:32:59 +01:00 by Helpdesk · 0 comments
Member

Package: undici (npm)
Affected versions: <= 5.28.2
Patched version: 5.28.3

GitHub: https://github.com/Vylpes/vylbot-app/security/dependabot/21


Impact

Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers.

Patches

This is patched in v5.28.3 and v6.6.1.

Workarounds

There are no known workarounds.

References

- https://fetch.spec.whatwg.org/#authentication-entries
- GHSA-wqq4-5wpv-mx2g: https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
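
The Impact section describes which credential headers survive a cross-origin redirect. The following is an added example, not part of the advisory and not undici's source code, that models the behaviour before and after the fix. All function and constant names, hosts and credential values are hypothetical or constructed.

```javascript
// Added example: a model of the redirect header handling the advisory describes.
// Names are hypothetical; this is not undici's implementation.

// Per the advisory: Authorization was already cleared on cross-origin
// redirects; the fix adds Proxy-Authorization.
const STRIPPED_BEFORE_FIX = ['authorization'];
const STRIPPED_AFTER_FIX = ['authorization', 'proxy-authorization'];

// Same origin means same scheme, host and port. Opaque origins serialize
// to the string "null" and must never be treated as matching.
function isSameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  return oa !== 'null' && oa === ob;
}

// Returns the headers that would be sent to the redirect target.
// `headers` is a plain object; names are matched case-insensitively.
function headersForRedirect(currentUrl, location, headers, stripList) {
  const target = new URL(location, currentUrl); // Location may be relative
  const crossOrigin = !isSameOrigin(currentUrl, target.href);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (crossOrigin && stripList.includes(name.toLowerCase())) continue;
    out[name] = value;
  }
  return out;
}

// Constructed sample request; the credential values are placeholders.
const sample = {
  'Authorization': 'Bearer EXAMPLE-TOKEN',
  'Proxy-Authorization': 'Basic EXAMPLE-PROXY-CREDS',
  'Accept': 'application/json',
};

function demo() {
  const from = 'https://api.example.test/v1/data';
  const other = 'https://other.example.test/landing';
  return {
    sameOrigin: headersForRedirect(from, '/v2/data', sample, STRIPPED_AFTER_FIX),
    crossBefore: headersForRedirect(from, other, sample, STRIPPED_BEFORE_FIX),
    crossAfter: headersForRedirect(from, other, sample, STRIPPED_AFTER_FIX),
  };
}

console.log(demo());
```

In the `crossBefore` result the proxy credential is still present for the other origin, which is the exposure the patched versions remove.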
Helpdesk added the type/dependencies label 2024-06-24 18:33:03 +01:00
Helpdesk added type/alert and removed type/dependencies labels 2024-06-24 18:34:50 +01:00
Vylpes added this to the 3.2.3 milestone 2024-06-24 18:48:35 +01:00
Reference: RabbitLabs/vylbot-app#441