{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-35949", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-22T17:42:40.255Z", "dateReserved": "2022-07-15T00:00:00.000Z", "datePublished": "2022-08-12T00:00:00.000Z"}, "containers": {"cna": {"title": "`undici.request` vulnerable to SSRF using absolute URL on `pathname`", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require(\"undici\") undici.request({origin: \"http://example.com\", pathname: \"//127.0.0.1\"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call."}], "affected": [{"vendor": "nodejs", "product": "undici", "versions": [{"version": "<= 5.8.1", "status": "affected"}]}], "references": [{"url": "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3"}, {"url": "https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895"}, {"url": "https://github.com/nodejs/undici/releases/tag/v5.8.2"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"}]}], "source": {"advisory": "GHSA-8qr4-xgw6-wmr3", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:59.443Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3", "tags": ["x_transferred"]}, {"url": "https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895", "tags": ["x_transferred"]}, {"url": "https://github.com/nodejs/undici/releases/tag/v5.8.2", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:39:52.001564Z", "id": "CVE-2022-35949", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T17:42:40.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3", "tags": ["x_transferred"]}, {"url": "https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895", "tags": ["x_transferred"]}, {"url": "https://github.com/nodejs/undici/releases/tag/v5.8.2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:59.443Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-35949", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:39:52.001564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:39:53.294Z"}}], "cna": {"title": "`undici.request` vulnerable to SSRF using absolute URL on `pathname`", "source": {"advisory": "GHSA-8qr4-xgw6-wmr3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "nodejs", "product": "undici", "versions": [{"status": "affected", "version": "<= 5.8.1"}]}], "references": [{"url": "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3"}, {"url": "https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895"}, {"url": "https://github.com/nodejs/undici/releases/tag/v5.8.2"}], "descriptions": [{"lang": "en", "value": "undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require(\"undici\") undici.request({origin: \"http://example.com\", pathname: \"//127.0.0.1\"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-18T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-35949", "state": "PUBLISHED", "dateUpdated": "2025-04-22T17:42:40.255Z", "dateReserved": "2022-07-15T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-08-12T00:00:00.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "CB5541CA-AC2D-4CFD-82A9-CF1FFEEFBB08", "versionEndIncluding": "5.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require(\"undici\") undici.request({origin: \"http://example.com\", pathname: \"//127.0.0.1\"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call."}, {"lang": "es", "value": "undici es un cliente HTTP/1.1, escrito desde cero para Node.js.\"undici\" es vulnerable a un ataque de tipo SSRF (Server-side Request Forgery) cuando una aplicaci\u00f3n toma la **user input** en la opci\u00f3n \"path/pathname\" de \"undici.request\". Si un usuario especifica una URL como \"http://127.0.0.1\" o \"//127.0.0.1\" \"\"js const undici = require(\"undici\") undici.request({origin: \"http://example.com\", pathname: \"//127.0.0.1\"}) \"\"\" En lugar de procesar la petici\u00f3n como \"http://example.org//127.0.0.1\" (o \"http://example.org/http://127.0.0.1\" cuando es usada \"http://127.0.0.1\"), en realidad procesa la petici\u00f3n como \"http://127.0.0.1/\" y la env\u00eda a \"http://127.0.0.1\". Si un desarrollador pasa la entrada del usuario en el par\u00e1metro \"path\" de \"undici.request\", puede resultar en un _SSRF_ ya que asumir\u00e1 que el nombre del host no puede cambiar, cuando en realidad puede cambiar porque el par\u00e1metro path especificado es combinado con la URL base. Este problema ha sido corregido en \"undici@5.8.1\". La mejor mitigaci\u00f3n es comprender la entrada del usuario antes de pasarla a la llamada \"undici.request\"."}], "id": "CVE-2022-35949", "lastModified": "2024-11-21T07:12:01.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-12T23:15:07.970", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/nodejs/undici/releases/tag/v5.8.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/nodejs/undici/releases/tag/v5.8.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "application-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "assisted-image-service-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "clusterclaims-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-curator-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "clusterlifecycle-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-proxy-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "console-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "discovery-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grc-ui-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grc-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-addon-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "managedcluster-import-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicloud-manager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-deployable-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-placementrule-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "openshift-hive-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "placement-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "provider-credential-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "registration-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "registration-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-agent-service-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-agent-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-reporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-rclone-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-restic-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-rsync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7276", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "work-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-11-01T00:00:00Z"}], "bugzilla": {"description": "nodejs: undici.request vulnerable to SSRF", "id": "2121068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121068"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-918", "details": ["undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require(\"undici\") undici.request({origin: \"http://example.com\", pathname: \"//127.0.0.1\"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call.", "A Server-Side Request Forgery (SSRF) vulnerability was found in undici, a HTTP/1.1 client for Node.js. An attacker can manipulate the server-side application to make requests to an unintended location when they use the 'path/pathname' option in 'undici.request'."], "mitigation": {"lang": "en:us", "value": "Validate user input before passing it to the `undici.request` call."}, "name": "CVE-2022-35949", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/search-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}], "public_date": "2022-08-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-35949\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-35949\nhttps://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3"], "threat_severity": "Moderate"}