Severity

Medium

Analysis Summary

CVE-2022-32210

Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by improper certificate validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information of all the requests and responses data to the proxy., and use this information to launch further attacks against the affected system.

Impact

• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2022-32210

Affected Vendors

Node.js

Affected Products

Node.js undici 5.5.0

Remediation

Upgrade to the latest version of undici, available from the NPM Web site.
NPM Web site