Description

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

Remediation

References

https://hackerone.com/reports/1583680

https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33

Related Vulnerabilities

CVE-2018-0114 Vulnerability in npm package node-jose

CVE-2023-47321 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2021-23327 Vulnerability in maven package org.webjars.npm:apexcharts

CVE-2022-25853 Vulnerability in npm package semver-tags

CVE-2022-2064 Vulnerability in npm package nocodb

Severity

High

Classification

CWE-295 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Tags

Exploit Issue Tracking Third Party Advisory