GCVE - cpe:2.3:a:n/a:https://github.com/nodejs/undici:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:https://github.com/nodejs/undici:*:*:*:*:*:*:*:*

part: a version: //github.com/nodejs/undici update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Https (`b65e66a1-fb16-5533-954b-05eeb21e718a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-32210`	vulnerable	2026-06-08 05:44:42.728528	Details available `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server. Published: 2022-07-14T14:51:40.000Z Updated: 2024-08-03T07:32:56.020Z Open on db.gcve.eu Reference links https://hackerone.com/reports/1583680 https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.