Severity
Low
Analysis Summary
CVE-2023-45143
Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not clear cookie header on cross-origin redirect in fetch. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain cookie header information, and use this information to launch further attacks against the affected system.
Impact
- Information Theft
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-45143
Affected Vendors
Node.js
Affected Products
- Node.js undici 5.26.1
Remediation
Upgrade to the latest version of undici, available from the undici GIT Repository.