Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/932701?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/932701?format=api", "purl": "pkg:deb/debian/node-undici@5.8.0%2Bdfsg1%2B~cs18.9.16-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "node-undici", "version": "5.8.0+dfsg1+~cs18.9.16-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.8.2+dfsg1+~cs18.9.18.1-1", "latest_non_vulnerable_version": "7.24.6+dfsg+~cs3.2.0-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53963?format=api", "vulnerability_id": "VCID-wqk1-vxt3-j3bb", "summary": "undici before v5.8.0 vulnerable to CRLF injection in request headers\n### Impact\n\nIt is possible to inject CRLF sequences into request headers in Undici.\n\n```js\nconst undici = require('undici')\n\nconst response = undici.request(\"http://127.0.0.1:1000\", {\n headers: {'a': \"\\r\\nb\"}\n})\n```\n\nThe same applies to `path` and `method`\n\n### Patches\n\nUpdate to v5.8.0\n\n### Workarounds\n\nSanitize all HTTP headers from untrusted sources to eliminate `\\r\\n`.\n\n### References\n\nhttps://hackerone.com/reports/409943\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66282", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66247", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66291", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.6621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.6624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66213", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31150" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/undici", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici" }, { "reference_url": "https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259" }, { "reference_url": "https://github.com/nodejs/undici/releases/tag/v5.8.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/" } ], "url": "https://github.com/nodejs/undici/releases/tag/v5.8.0" }, { "reference_url": "https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/" } ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc" }, { "reference_url": "https://hackerone.com/reports/409943", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/" } ], "url": "https://hackerone.com/reports/409943" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31150", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31150" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0002/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109354", "reference_id": "2109354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109354" }, { "reference_url": "https://github.com/advisories/GHSA-3cvr-822r-rqcc", "reference_id": "GHSA-3cvr-822r-rqcc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3cvr-822r-rqcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932701?format=api", "purl": "pkg:deb/debian/node-undici@5.8.0%2Bdfsg1%2B~cs18.9.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.8.0%252Bdfsg1%252B~cs18.9.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932700?format=api", "purl": "pkg:deb/debian/node-undici@5.15.0%2Bdfsg1%2B~cs20.10.9.3-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1294-r4v2-3ud7" }, { "vulnerability": "VCID-g9bm-61bn-ryg5" }, { "vulnerability": "VCID-hgd1-7u6j-p7dh" }, { "vulnerability": "VCID-n6ew-t7g1-33gn" }, { "vulnerability": "VCID-pah5-gspe-hbbh" }, { "vulnerability": "VCID-ph2p-u33d-8yh3" }, { "vulnerability": "VCID-sy2z-sqgk-d7hg" }, { "vulnerability": "VCID-u8t3-4awy-k3fm" }, { "vulnerability": "VCID-xx5u-7mmp-akfs" }, { "vulnerability": "VCID-z653-vqsc-euer" }, { "vulnerability": "VCID-z7ac-jr58-gkfm" }, { "vulnerability": "VCID-zb3h-efqz-dff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.15.0%252Bdfsg1%252B~cs20.10.9.3-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932704?format=api", "purl": "pkg:deb/debian/node-undici@7.3.0%2Bdfsg1%2B~cs24.12.11-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1294-r4v2-3ud7" }, { "vulnerability": "VCID-g9bm-61bn-ryg5" }, { "vulnerability": "VCID-hgd1-7u6j-p7dh" }, { "vulnerability": "VCID-n6ew-t7g1-33gn" }, { "vulnerability": "VCID-ph2p-u33d-8yh3" }, { "vulnerability": "VCID-sy2z-sqgk-d7hg" }, { "vulnerability": "VCID-vdca-exd1-rfce" }, { "vulnerability": "VCID-z7ac-jr58-gkfm" }, { "vulnerability": "VCID-zb3h-efqz-dff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.3.0%252Bdfsg1%252B~cs24.12.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932702?format=api", "purl": "pkg:deb/debian/node-undici@7.18.2%2Bdfsg%2B~cs3.2.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1294-r4v2-3ud7" }, { "vulnerability": "VCID-hgd1-7u6j-p7dh" }, { "vulnerability": "VCID-n6ew-t7g1-33gn" }, { "vulnerability": "VCID-ph2p-u33d-8yh3" }, { "vulnerability": "VCID-sy2z-sqgk-d7hg" }, { "vulnerability": "VCID-vdca-exd1-rfce" }, { "vulnerability": "VCID-z7ac-jr58-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.18.2%252Bdfsg%252B~cs3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932703?format=api", "purl": "pkg:deb/debian/node-undici@7.24.6%2Bdfsg%2B~cs3.2.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.24.6%252Bdfsg%252B~cs3.2.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31150", "GHSA-3cvr-822r-rqcc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqk1-vxt3-j3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53748?format=api", "vulnerability_id": "VCID-x5np-z1be-m7gq", "summary": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect\n### Impact\n\nAuthorization headers are already cleared on cross-origin redirect in\nhttps://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.\n\nHowever, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There also has been active discussion of implementing a cookie store https://github.com/nodejs/undici/pull/1441, which suggests that there are active users using cookie headers in undici.\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in v5.8.0.\n\n### Workarounds\n\nBy default, this vulnerability is not exploitable.\nDo not enable redirections, i.e. `maxRedirections: 0` (the default). \n\n### References\n\nhttps://hackerone.com/reports/1635514\nhttps://curl.se/docs/CVE-2018-1000007.html\nhttps://curl.se/docs/CVE-2022-27776.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31151.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30854", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30721", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30779", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30811", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30812", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30768", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30722", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30745", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30727", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31151" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/undici", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici" }, { "reference_url": "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189" }, { "reference_url": "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d" }, { "reference_url": "https://github.com/nodejs/undici/issues/872", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/" } ], "url": "https://github.com/nodejs/undici/issues/872" }, { "reference_url": "https://github.com/nodejs/undici/pull/1441", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici/pull/1441" }, { "reference_url": "https://github.com/nodejs/undici/releases/tag/v5.8.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/undici/releases/tag/v5.8.0" }, { "reference_url": "https://hackerone.com/reports/1635514", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/" } ], "url": "https://hackerone.com/reports/1635514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31151", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31151" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220909-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220909-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220909-0006/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220909-0006/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121396", "reference_id": "2121396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121396" }, { "reference_url": "https://github.com/advisories/GHSA-q768-x9m6-m9qp", "reference_id": "GHSA-q768-x9m6-m9qp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q768-x9m6-m9qp" }, { "reference_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp", "reference_id": "GHSA-q768-x9m6-m9qp", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/" } ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932701?format=api", "purl": "pkg:deb/debian/node-undici@5.8.0%2Bdfsg1%2B~cs18.9.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.8.0%252Bdfsg1%252B~cs18.9.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932700?format=api", "purl": "pkg:deb/debian/node-undici@5.15.0%2Bdfsg1%2B~cs20.10.9.3-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1294-r4v2-3ud7" }, { "vulnerability": "VCID-g9bm-61bn-ryg5" }, { "vulnerability": "VCID-hgd1-7u6j-p7dh" }, { "vulnerability": "VCID-n6ew-t7g1-33gn" }, { "vulnerability": "VCID-pah5-gspe-hbbh" }, { "vulnerability": "VCID-ph2p-u33d-8yh3" }, { "vulnerability": "VCID-sy2z-sqgk-d7hg" }, { "vulnerability": "VCID-u8t3-4awy-k3fm" }, { "vulnerability": "VCID-xx5u-7mmp-akfs" }, { "vulnerability": "VCID-z653-vqsc-euer" }, { "vulnerability": "VCID-z7ac-jr58-gkfm" }, { "vulnerability": "VCID-zb3h-efqz-dff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.15.0%252Bdfsg1%252B~cs20.10.9.3-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932704?format=api", "purl": "pkg:deb/debian/node-undici@7.3.0%2Bdfsg1%2B~cs24.12.11-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1294-r4v2-3ud7" }, { "vulnerability": "VCID-g9bm-61bn-ryg5" }, { "vulnerability": "VCID-hgd1-7u6j-p7dh" }, { "vulnerability": "VCID-n6ew-t7g1-33gn" }, { "vulnerability": "VCID-ph2p-u33d-8yh3" }, { "vulnerability": "VCID-sy2z-sqgk-d7hg" }, { "vulnerability": "VCID-vdca-exd1-rfce" }, { "vulnerability": "VCID-z7ac-jr58-gkfm" }, { "vulnerability": "VCID-zb3h-efqz-dff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.3.0%252Bdfsg1%252B~cs24.12.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932702?format=api", "purl": "pkg:deb/debian/node-undici@7.18.2%2Bdfsg%2B~cs3.2.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1294-r4v2-3ud7" }, { "vulnerability": "VCID-hgd1-7u6j-p7dh" }, { "vulnerability": "VCID-n6ew-t7g1-33gn" }, { "vulnerability": "VCID-ph2p-u33d-8yh3" }, { "vulnerability": "VCID-sy2z-sqgk-d7hg" }, { "vulnerability": "VCID-vdca-exd1-rfce" }, { "vulnerability": "VCID-z7ac-jr58-gkfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.18.2%252Bdfsg%252B~cs3.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932703?format=api", "purl": "pkg:deb/debian/node-undici@7.24.6%2Bdfsg%2B~cs3.2.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.24.6%252Bdfsg%252B~cs3.2.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31151", "GHSA-q768-x9m6-m9qp" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5np-z1be-m7gq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.8.0%252Bdfsg1%252B~cs18.9.16-1%3Fdistro=trixie" }