Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| undici(npm) | 0 | 5.28.4 | N/A |
| undici(npm) | 6.0.0 | 6.11.1 | N/A |
CVSS Metrics
