7.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-32210

GHSA ID

GHSA-pgw7-wx7w-2w33

EPSS Score

0.35902%

CWE

CWE-295

Published

6/17/2022

Updated

1/27/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-32210

CVE-2022-32210: ProxyAgent vulnerable to MITM

Description

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

Impact

This affects all use of HTTPS via HTTP proxy using Undici.ProxyAgent with Undici or Node's global fetch. In this case, it removes all HTTPS security from all requests sent using Undici's ProxyAgent, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc). This less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy).

Patches

This issue was patched in Undici v5.5.1.

Workarounds

At the time of writing, the only workaround is to not use ProxyAgent as a dispatcher for TLS Connections.

(GitHub Advisory)

7.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-32210

GHSA ID

GHSA-pgw7-wx7w-2w33

EPSS Score

0.35902%

CWE

CWE-295

Published

6/17/2022

Updated

1/27/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
undici	npm	>= 4.8.2, <= 5.5.0	5.5.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from ProxyAgent's failure to implement certificate validation during TLS handshakes with the target server when using a proxy. The dispatch function orchestrates proxy communication but does not enforce secure TLS parameters. The createConnection function (or equivalent TLS setup logic) likely omits 'rejectUnauthorized' checks and proper SNI configuration, enabling unverified MITM proxying. These functions are core to the agent's proxy handling, aligning with the described MITM behavior and CWE-295.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### **s*ription `Un*i*i.Proxy***nt` n*v*r v*ri*i*s t** r*mot* s*rv*r's **rti*i**t*, *n* *lw*ys *xpos*s *ll r*qu*st & r*spons* **t* to t** proxy. T*is un*xp**t**ly m**ns t**t proxi*s **n MitM *ll *TTPS tr***i*, *n* i* t** proxy's URL is *TTP t**n it

Reasoning

T** vuln*r**ility st*ms *rom Proxy***nt's **ilur* to impl*m*nt **rti*i**t* v*li**tion *urin* TLS **n*s**k*s wit* t** t*r**t s*rv*r w**n usin* * proxy. T** `*isp*t**` *un*tion or***str*t*s proxy *ommuni**tion *ut *o*s not *n*or** s**ur* TLS p*r*m*t*rs

7.7

Basic Information

Concerned about an active attack path?

CVE-2022-32210: ProxyAgent vulnerable to MITM

Description

Impact

Patches

Workarounds

7.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI