undici up to and including 5.8.1 is vulnerable to CRLF (Carriage Return / Line Feed) Injection on headers when using unsanitized input as request headers, specifically inside the `content-type` header. Example: import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, })
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2022:7276 https://access.redhat.com/errata/RHSA-2022:7276
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-35948