
CVE-2022-31151: undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

CVSS Score
3.7 (CVSS v3.1)

Basic Information

EPSS Score
0.40196%
Published
7/21/2022
Updated
1/30/2023
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Package Name
undici
Ecosystem
npm
Vulnerable Versions
< 5.8.0
First Patched Version
5.8.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from undici's redirect handler not clearing cookies during cross-origin redirects. The commit diff shows the vulnerable shouldRemoveHeader function in redirect.js lacked a check for 'cookie' headers (only checked 'authorization'). The patch added a new condition to detect 'cookie' headers (length 6) when origin changes, confirming this was the missing security check. Tests were added to verify cookie header removal, directly linking this function to the vulnerability.
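The check described above, as an added illustration (this is not undici's code; the function names, the `stripCookie` toggle and the sample headers are assumptions made here). The toggle reproduces the pre-5.8.0 behaviour, where only `authorization` was dropped on a cross-origin redirect, beside the patched behaviour that also drops `cookie`, so the difference in what reaches the new host is visible:

```javascript
// Added example: header filtering on redirect, modelled on the fix described
// for CVE-2022-31151. Not undici's code; names are assumptions.

// Two URLs share an origin only if scheme, host and port all match.
// WHATWG URL normalises default ports, so 'https://a:443' and 'https://a' agree.
function sameOrigin(fromUrl, toUrl) {
  const a = new URL(fromUrl);
  const b = new URL(toUrl);
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Decide whether a request header may be forwarded to the redirect target.
// `crossOrigin` is true when the redirect leaves the original origin.
// `stripCookie` toggles the fix: before v5.8.0 only 'authorization' (length 13)
// was removed on cross-origin redirects; the patch added 'cookie' (length 6).
function shouldRemoveHeader(name, crossOrigin, stripCookie) {
  const lower = name.toLowerCase();
  if (lower === 'host') return true; // host is always rebuilt for the new target
  if (crossOrigin && lower.length === 13 && lower === 'authorization') return true;
  if (crossOrigin && stripCookie && lower.length === 6 && lower === 'cookie') return true;
  return false;
}

// Build the header set for the follow-up request after a redirect.
function headersForRedirect(headers, fromUrl, toUrl, { stripCookie = true } = {}) {
  const crossOrigin = !sameOrigin(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!shouldRemoveHeader(name, crossOrigin, stripCookie)) out[name] = value;
  }
  return out;
}

// Constructed sample request: a session cookie and bearer token sent to
// api.example.com, which answers with a redirect to an unrelated host.
const sampleHeaders = {
  host: 'api.example.com',
  cookie: 'session=abc123',
  authorization: 'Bearer token',
  accept: 'application/json',
};

const from = 'https://api.example.com/resource';
const crossOriginTarget = 'https://other.example.net/landing';
const sameOriginTarget = 'https://api.example.com/v2';

console.log('pre-5.8.0 (cross-origin):', headersForRedirect(sampleHeaders, from, crossOriginTarget, { stripCookie: false }));
console.log('patched   (cross-origin):', headersForRedirect(sampleHeaders, from, crossOriginTarget));
console.log('patched   (same-origin): ', headersForRedirect(sampleHeaders, from, sameOriginTarget));
```

On the cross-origin redirect the pre-5.8.0 path forwards `cookie: session=abc123` to `other.example.net` while already dropping `authorization`; the patched path drops both, and a same-origin redirect keeps both, matching the behaviour the root cause analysis describes.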

Vulnerable functions


WAF Protection Rules

WAF Rule

### Impact

Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L***, based on https://github.com/nodejs/undici/issues/***. However, cookie headers which are sensit
