{"url":"http://public2.vulnerablecode.io/api/packages/932701?format=json","purl":"pkg:deb/debian/node-undici@5.8.0%2Bdfsg1%2B~cs18.9.16-1?distro=trixie","type":"deb","namespace":"debian","name":"node-undici","version":"5.8.0+dfsg1+~cs18.9.16-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.8.2+dfsg1+~cs18.9.18.1-1","latest_non_vulnerable_version":"7.24.6+dfsg+~cs3.2.0-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53963?format=json","vulnerability_id":"VCID-wqk1-vxt3-j3bb","summary":"undici before v5.8.0 vulnerable to CRLF injection in request headers\n### Impact\n\nIt is possible to inject CRLF sequences into request headers in Undici.\n\n```js\nconst undici = require('undici')\n\nconst response = undici.request(\"http://127.0.0.1:1000\", {\n  headers: {'a': \"\\r\\nb\"}\n})\n```\n\nThe same applies to `path` and `method`\n\n### Patches\n\nUpdate to v5.8.0\n\n### Workarounds\n\nSanitize all HTTP headers from untrusted sources to eliminate `\\r\\n`.\n\n### References\n\nhttps://hackerone.com/reports/409943\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31150.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31150","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66456","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66444","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66435","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66376","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66355","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66382","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6634","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66296","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6632","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66305","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66297","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66282","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66247","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66291","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6621","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66213","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66271","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66258","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31150"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/undici","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici"},{"reference_url":"https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259"},{"reference_url":"https://github.com/nodejs/undici/releases/tag/v5.8.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/"}],"url":"https://github.com/nodejs/undici/releases/tag/v5.8.0"},{"reference_url":"https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/"}],"url":"https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc"},{"reference_url":"https://hackerone.com/reports/409943","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/"}],"url":"https://hackerone.com/reports/409943"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31150","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31150"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0002","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0002/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:20Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220915-0002/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2109354","reference_id":"2109354","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2109354"},{"reference_url":"https://github.com/advisories/GHSA-3cvr-822r-rqcc","reference_id":"GHSA-3cvr-822r-rqcc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cvr-822r-rqcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/932701?format=json","purl":"pkg:deb/debian/node-undici@5.8.0%2Bdfsg1%2B~cs18.9.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.8.0%252Bdfsg1%252B~cs18.9.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932700?format=json","purl":"pkg:deb/debian/node-undici@5.15.0%2Bdfsg1%2B~cs20.10.9.3-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1294-r4v2-3ud7"},{"vulnerability":"VCID-g9bm-61bn-ryg5"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-pah5-gspe-hbbh"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-u8t3-4awy-k3fm"},{"vulnerability":"VCID-xx5u-7mmp-akfs"},{"vulnerability":"VCID-z653-vqsc-euer"},{"vulnerability":"VCID-z7ac-jr58-gkfm"},{"vulnerability":"VCID-zb3h-efqz-dff3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.15.0%252Bdfsg1%252B~cs20.10.9.3-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932704?format=json","purl":"pkg:deb/debian/node-undici@7.3.0%2Bdfsg1%2B~cs24.12.11-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1294-r4v2-3ud7"},{"vulnerability":"VCID-g9bm-61bn-ryg5"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-vdca-exd1-rfce"},{"vulnerability":"VCID-z7ac-jr58-gkfm"},{"vulnerability":"VCID-zb3h-efqz-dff3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.3.0%252Bdfsg1%252B~cs24.12.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932702?format=json","purl":"pkg:deb/debian/node-undici@7.18.2%2Bdfsg%2B~cs3.2.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1294-r4v2-3ud7"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-vdca-exd1-rfce"},{"vulnerability":"VCID-z7ac-jr58-gkfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.18.2%252Bdfsg%252B~cs3.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932703?format=json","purl":"pkg:deb/debian/node-undici@7.24.6%2Bdfsg%2B~cs3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.24.6%252Bdfsg%252B~cs3.2.0-2%3Fdistro=trixie"}],"aliases":["CVE-2022-31150","GHSA-3cvr-822r-rqcc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqk1-vxt3-j3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53748?format=json","vulnerability_id":"VCID-x5np-z1be-m7gq","summary":"undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect\n### Impact\n\nAuthorization headers are already cleared on cross-origin redirect in\nhttps://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.\n\nHowever, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There also has been active discussion of implementing a cookie store https://github.com/nodejs/undici/pull/1441, which suggests that there are active users using cookie headers in undici.\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in v5.8.0.\n\n### Workarounds\n\nBy default, this vulnerability is not exploitable.\nDo not enable redirections, i.e. `maxRedirections: 0` (the default). \n\n### References\n\nhttps://hackerone.com/reports/1635514\nhttps://curl.se/docs/CVE-2018-1000007.html\nhttps://curl.se/docs/CVE-2022-27776.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31151.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31151.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31151","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30301","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30287","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30217","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30195","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30721","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30745","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30722","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30768","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30811","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30779","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30269","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30261","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3019","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3033","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30412","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30692","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/undici","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici"},{"reference_url":"https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189"},{"reference_url":"https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d"},{"reference_url":"https://github.com/nodejs/undici/issues/872","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/"}],"url":"https://github.com/nodejs/undici/issues/872"},{"reference_url":"https://github.com/nodejs/undici/pull/1441","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici/pull/1441"},{"reference_url":"https://github.com/nodejs/undici/releases/tag/v5.8.0","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici/releases/tag/v5.8.0"},{"reference_url":"https://hackerone.com/reports/1635514","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/"}],"url":"https://hackerone.com/reports/1635514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31151","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31151"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220909-0006","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220909-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220909-0006/","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220909-0006/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2121396","reference_id":"2121396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2121396"},{"reference_url":"https://github.com/advisories/GHSA-q768-x9m6-m9qp","reference_id":"GHSA-q768-x9m6-m9qp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q768-x9m6-m9qp"},{"reference_url":"https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp","reference_id":"GHSA-q768-x9m6-m9qp","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:24Z/"}],"url":"https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/932701?format=json","purl":"pkg:deb/debian/node-undici@5.8.0%2Bdfsg1%2B~cs18.9.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.8.0%252Bdfsg1%252B~cs18.9.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932700?format=json","purl":"pkg:deb/debian/node-undici@5.15.0%2Bdfsg1%2B~cs20.10.9.3-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1294-r4v2-3ud7"},{"vulnerability":"VCID-g9bm-61bn-ryg5"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-pah5-gspe-hbbh"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-u8t3-4awy-k3fm"},{"vulnerability":"VCID-xx5u-7mmp-akfs"},{"vulnerability":"VCID-z653-vqsc-euer"},{"vulnerability":"VCID-z7ac-jr58-gkfm"},{"vulnerability":"VCID-zb3h-efqz-dff3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.15.0%252Bdfsg1%252B~cs20.10.9.3-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932704?format=json","purl":"pkg:deb/debian/node-undici@7.3.0%2Bdfsg1%2B~cs24.12.11-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1294-r4v2-3ud7"},{"vulnerability":"VCID-g9bm-61bn-ryg5"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-vdca-exd1-rfce"},{"vulnerability":"VCID-z7ac-jr58-gkfm"},{"vulnerability":"VCID-zb3h-efqz-dff3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.3.0%252Bdfsg1%252B~cs24.12.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932702?format=json","purl":"pkg:deb/debian/node-undici@7.18.2%2Bdfsg%2B~cs3.2.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1294-r4v2-3ud7"},{"vulnerability":"VCID-hgd1-7u6j-p7dh"},{"vulnerability":"VCID-n6ew-t7g1-33gn"},{"vulnerability":"VCID-ph2p-u33d-8yh3"},{"vulnerability":"VCID-sy2z-sqgk-d7hg"},{"vulnerability":"VCID-vdca-exd1-rfce"},{"vulnerability":"VCID-z7ac-jr58-gkfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.18.2%252Bdfsg%252B~cs3.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932703?format=json","purl":"pkg:deb/debian/node-undici@7.24.6%2Bdfsg%2B~cs3.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@7.24.6%252Bdfsg%252B~cs3.2.0-2%3Fdistro=trixie"}],"aliases":["CVE-2022-31151","GHSA-q768-x9m6-m9qp"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5np-z1be-m7gq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-undici@5.8.0%252Bdfsg1%252B~cs18.9.16-1%3Fdistro=trixie"}