更新: 2423 个文件 - 2026-03-18 14:23:01

这个提交包含在:
hao
2026-03-18 14:23:01 -07:00
父节点 9a5f48cdf7
当前提交 96b5353a91
修改 2423 个文件,包含 239337 行新增2806 行删除

查看文件

@@ -0,0 +1,78 @@
{
"canonical_id": "undici--CVE-2023-24807",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Regular Expression Denial of Service in Headers",
"summary": "### Impact\nThe `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function.\n\n### Patches\n\nThis vulnerability was patched in v5.19.1.\n\n### Workarounds\nThere is no workaround. Please update to an unaffected version.\n\n### References\n\n* https://hackerone.com/bugs?report_id=1784449\n\n### Credits\n\nCarter Snook reported this vulnerability.\n",
"published_at": "2023-02-16T20:46:10Z",
"updated_at": "2023-11-08T04:11:48.635999Z",
"severity": "high",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w",
"secondary_source_urls": [
"https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf",
"https://nvd.nist.gov/vuln/detail/CVE-2023-24807",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/releases/tag/v5.19.1",
"https://hackerone.com/bugs?report_id=1784449",
"https://security.netapp.com/advisory/ntap-20230324-0010/"
],
"aliases": [
"CVE-2023-24807",
"GHSA-r6ch-mqf9-qc9w"
],
"cve_ids": [
"CVE-2023-24807"
],
"ghsa_ids": [
"GHSA-r6ch-mqf9-qc9w"
],
"osv_ids": [
"GHSA-r6ch-mqf9-qc9w"
],
"affected_versions": [
"introduced=0, fixed<5.19.1"
],
"fixed_versions": [
"5.19.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "undici-ssrf",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
],
"candidate_count": 2
}
}