Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low severity
GitHub Reviewed
Published
Feb 16, 2024
in
nodejs/undici
•
Updated
May 2, 2024
Affected versions
<= 5.28.2
>= 6.0.0, <= 6.6.0
Patched versions
5.28.3
6.6.1
Impact
Undici already cleared Authorization headers on cross-origin redirects, but did not clear
Proxy-Authorization
headers.
Patches
This is patched in v5.28.3 and v6.6.1
Workarounds
There are no known workarounds.
References
References
Published to the GitHub Advisory Database
Feb 16, 2024
You can’t perform that action at this time.