CVE-2026-6734
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: openjs

Description
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.

Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin. This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.

Patches: Upgrade to undici v7.26.0 or v8.2.0.

Workarounds: Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 3 associated CPEs

Vendor   Product   Version / Range
nodejs   undici    From 7.23.0 (inc) to 8.1.0 (inc)
nodejs   undici    7.26.0
nodejs   undici    8.2.0
CWE
CWE-346   The product does not properly verify that the source of data or communication is valid.
AI Quick Actions
Executive Summary

This vulnerability affects the undici library, specifically when using Socks5ProxyAgent. The issue is that undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested destination. As a result, requests intended for one origin may be sent through the connection pool of another origin.

This causes cross-origin request routing, meaning credentials and request data meant for one origin can be sent to a different origin. Additionally, responses from the wrong origin may be trusted, and HTTPS requests might be silently downgraded to HTTP, compromising security.

Impact Analysis

If your application uses Socks5ProxyAgent (directly or via setGlobalDispatcher) and makes requests to multiple origins, this vulnerability can cause sensitive data such as credentials and request information to be sent to unintended origins.

This can lead to exposure of confidential information, trust in incorrect responses, and potential downgrading of secure HTTPS requests to insecure HTTP, which increases the risk of data interception or manipulation.

Overall, it impacts the confidentiality, integrity, and availability of your application's communications.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the undici library to version 7.26.0 or 8.2.0.

Alternatively, you can use a separate Socks5ProxyAgent instance for each origin instead of reusing a single instance across multiple origins.

Avoid using Socks5ProxyAgent with multiple origins if upgrading is not immediately possible.
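The following is an added example, not code from undici or from this advisory. It models the workaround above (one proxy agent per origin) next to the flawed shape the advisory describes (one pool bound to the first origin, reused for every later request), and adds the check the affected versions skipped: a pool may only carry requests for the origin it was opened for. The agent constructor is injected so the file runs without undici installed; with undici present the factory would be something like `(origin) => new Socks5ProxyAgent(PROXY_URL)`, where `PROXY_URL` and the constructor signature are assumptions, not verified here. `FakeAgent`, the URLs and the bearer tokens are constructed for the demonstration.

```javascript
// Added example, not undici's code: per-origin agents (the advisory's
// workaround) beside a model of the flawed single-pool behaviour, plus the
// pool/request origin check that the vulnerable versions lacked.
//
// The agent factory is injected so this runs without undici installed.
// With undici present it would look like
//   (origin) => new Socks5ProxyAgent(PROXY_URL)   // assumed names, not verified

function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`unsupported scheme in ${url}`);
  }
  return u.origin; // scheme + host + non-default port, e.g. "https://api.example.com"
}

// The missing verification: refuse to send a request through a pool that
// belongs to a different origin. A host mismatch and an https -> http
// downgrade both fail this check, which are the two misroutings described.
function assertPoolMatchesOrigin(pool, url) {
  const want = originOf(url);
  if (pool.origin !== want) {
    throw new Error(`pool bound to ${pool.origin} cannot serve ${want}`);
  }
}

// Constructed stand-in for a proxy agent: remembers the origin it was built
// for and records what it sent, so routing can be inspected afterwards.
class FakeAgent {
  constructor(origin) {
    this.origin = origin;
    this.sent = [];
  }
  request(url, opts = {}) {
    this.sent.push({ url, authorization: opts.headers?.authorization ?? null });
    return { status: 200, servedBy: this.origin };
  }
}

// Flawed shape: whichever origin is requested first owns the only pool.
class SharedFirstOriginDispatcher {
  constructor(createAgent) {
    this.createAgent = createAgent;
    this.agent = null;
  }
  request(url, opts) {
    if (this.agent === null) this.agent = this.createAgent(originOf(url));
    return this.agent.request(url, opts); // no origin check: misroutes silently
  }
}

// Hardened shape: agents are keyed by origin and verified before each use.
class PerOriginDispatcher {
  constructor(createAgent) {
    this.createAgent = createAgent;
    this.agents = new Map(); // origin -> agent
  }
  agentFor(url) {
    const origin = originOf(url);
    let agent = this.agents.get(origin);
    if (agent === undefined) {
      agent = this.createAgent(origin);
      this.agents.set(origin, agent);
    }
    assertPoolMatchesOrigin(agent, url);
    return agent;
  }
  request(url, opts) {
    return this.agentFor(url).request(url, opts);
  }
}

// Sends the same three constructed requests through both dispatchers and
// reports where each one actually went.
function demo() {
  const reqs = [
    ["https://api.example.com/token", { headers: { authorization: "Bearer TOKEN-FOR-API" } }],
    ["https://billing.example.net/invoices", { headers: { authorization: "Bearer TOKEN-FOR-BILLING" } }],
    ["http://legacy.example.org/status", {}],
  ];
  const make = (origin) => new FakeAgent(origin);

  const shared = new SharedFirstOriginDispatcher(make);
  const sharedServedBy = reqs.map(([url, opts]) => shared.request(url, opts).servedBy);
  // How many of those requests would the origin check have stopped?
  let rejectedByCheck = 0;
  for (const [url] of reqs) {
    try { assertPoolMatchesOrigin(shared.agent, url); } catch { rejectedByCheck++; }
  }

  const perOrigin = new PerOriginDispatcher(make);
  const perOriginServedBy = reqs.map(([url, opts]) => perOrigin.request(url, opts).servedBy);

  return { sharedServedBy, rejectedByCheck, perOriginServedBy, agents: perOrigin.agents.size };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the flawed dispatcher all three requests, including the billing token and the plain-HTTP legacy request, are served by the pool opened for api.example.com; the origin check rejects two of the three. The per-origin dispatcher opens three agents and never lets one cross origins.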

Compliance Impact

This vulnerability causes cross-origin request routing, where credentials and request data intended for one origin may be sent to another origin. This can lead to unauthorized exposure of sensitive data.

Such unauthorized data exposure can impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on the confidentiality and integrity of personal and sensitive information.

Additionally, the vulnerability may silently downgrade HTTPS requests to HTTP, weakening transport security and further risking data confidentiality and integrity.

Detection Guidance

This vulnerability arises from the undici library versions 7.23.0 through 8.1.0 when using Socks5ProxyAgent, which reuses a single connection pool across different origins without verifying the origin. Detection involves identifying if your application uses undici within the affected version range and employs Socks5ProxyAgent (directly or via setGlobalDispatcher) to make requests to multiple origins.

To detect the vulnerability on your system, you can:

  • Check the installed version of undici in your Node.js environment using the command: npm list undici
  • Search your codebase for usage of Socks5ProxyAgent or setGlobalDispatcher to see if multiple origins are targeted.
  • Monitor network traffic for unexpected cross-origin requests or suspicious routing of requests through a single proxy connection.

There are no specific commands provided in the resources for automated detection of this vulnerability, but the above steps can help identify potential exposure.
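As an added example (not from the advisory, undici, or npm), the script below walks the JSON that `npm ls undici --json --all` prints and flags every installed copy of undici in the affected range, including copies nested under other packages, which `npm list undici` on its own is easy to misread. The range it checks is an assumption derived from the advisory's "7.23.0 through 8.1.0" together with the fix versions 7.26.0 and 8.2.0: a version is treated as affected when 7.23.0 ≤ v < 7.26.0 or 8.0.0 ≤ v < 8.2.0. A plain "≤ 8.1.0" test would wrongly flag the patched 7.26.0 release. The dependency tree in the file is constructed sample data.

```javascript
// Added example, not from the advisory or undici: audit an `npm ls --json`
// tree for installed undici versions in the affected range.
//
// Affected range (assumption derived from the advisory's version statements):
//   7.23.0 <= v < 7.26.0   or   8.0.0 <= v < 8.2.0
// Real usage (assumed invocation):  npm ls undici --json --all | node audit.js

function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number); // [major, minor, patch]; pre-release tags ignored
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inRange(v, lo, hiExclusive) {
  return cmp(v, lo) >= 0 && cmp(v, hiExclusive) < 0;
}

function isAffectedUndici(version) {
  const v = parseSemver(version);
  return inRange(v, [7, 23, 0], [7, 26, 0]) || inRange(v, [8, 0, 0], [8, 2, 0]);
}

// Collects { path, version } for every node named `pkg` anywhere in the
// tree. Nested copies matter: a transitive dependency can carry its own
// undici even when the top-level one is already patched.
function findPackage(tree, pkg, path = [], out = []) {
  for (const [name, node] of Object.entries(tree.dependencies ?? {})) {
    const here = [...path, name];
    if (name === pkg && node.version) {
      out.push({ path: here.join(" > "), version: node.version });
    }
    findPackage(node, pkg, here, out);
  }
  return out;
}

function auditUndici(tree) {
  return findPackage(tree, "undici").map((c) => ({ ...c, affected: isAffectedUndici(c.version) }));
}

// Entry point for raw `npm ls --json` text.
function auditFromNpmLsJson(text) {
  return auditUndici(JSON.parse(text));
}

// Constructed sample shaped like `npm ls undici --json --all` output: the
// app's own undici is patched, one dependency pins an affected 7.x copy,
// another ships the patched 8.x release.
const SAMPLE_TREE = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    undici: { version: "7.26.0" },
    "some-http-client": {
      version: "3.4.1",
      dependencies: { undici: { version: "7.24.2" } },
    },
    "another-lib": {
      version: "0.9.0",
      dependencies: { undici: { version: "8.2.0" } },
    },
  },
};

for (const hit of auditUndici(SAMPLE_TREE)) {
  console.log(`${hit.affected ? "AFFECTED" : "ok      "}  undici@${hit.version}  (${hit.path})`);
}
```

On the sample tree only the copy under some-http-client is reported as affected. Version presence alone is not exposure: the advisory's condition also requires that Socks5ProxyAgent is in use against more than one origin, so pair this with the code search suggested above.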
