[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-31150":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":34,"aliases":52,"duplicate_of":9,"upstream":54,"downstream":55,"duplicates":68,"related":69,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":85,"kevs":126,"epss":127,"epss_history":130,"metrics":395,"affected":408},"CVE-2022-31150","undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\\r\\n` is a workaround for this issue.",null,[11,27],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-93","Improper Neutralization of CRLF Sequences ('CRLF Injection')","The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-15","Command Delimiters",[],{"id":24,"name":25,"techniques":26},"CAPEC-81","Web Server Logs Tampering",[],{"_key":28,"id":28,"name":29,"description":30,"type":31,"status":32,"abstraction":9,"likelihood_of_exploit":9,"capec":33},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[35,44],{"_key":36,"name":37,"source":38,"url":39,"maturity":40,"reliability_score":41,"verified":42,"type":9,"platforms":43,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_NODEJS_UNDICI","Undici","github","https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc","poc",0.3,false,[],{"_key":45,"name":46,"source":47,"url":48,"maturity":49,"reliability_score":50,"verified":42,"type":9,"platforms":51,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_4B9873F267626B04","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/409943","unknown",0.2,[],[53],"GHSA-3cvr-822r-rqcc",[],[56,58,60,62,64,66],{"_key":57},"SUSE-SU-2022:3196-1",{"_key":59},"SUSE-SU-2022:3250-1",{"_key":61},"SUSE-SU-2022:3251-1",{"_key":63},"OPENSUSE-SU-2024:12285-1",{"_key":65},"DEBIAN-CVE-2022-31150",{"_key":67},"UBUNTU-CVE-2022-31150",[],[70,71,72,73],{"_key":57},{"_key":59},{"_key":61},{"_key":63},"2022-07-19T20:40:10.000Z","2025-04-22T17:48:45.328Z","Modified",{"cisa_kev":42,"cisa_ransomware":42,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":80,"severity_score":81,"severity_version":82,"severity_source":83,"severity_vector":84,"severity_status":76},"low",0.00507,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",[86,95,99,104,108,113,117,122],{"url":39,"sources":87,"tags":90},[88,83,89],"cve.org","osv_npm",[91,92,93,94],"X Refsource CONFIRM","Exploit","Third Party Advisory","WEB",{"url":48,"sources":96,"tags":97},[88,83,89],[98,92,93,94],"X Refsource MISC",{"url":100,"sources":101,"tags":102},"https://github.com/nodejs/undici/releases/tag/v5.8.0",[88,83,89],[98,103,93,94],"Release Notes",{"url":105,"sources":106,"tags":107},"https://security.netapp.com/advisory/ntap-20220915-0002/",[88,83],[91,93],{"url":109,"sources":110,"tags":111},"https://nvd.nist.gov/vuln/detail/CVE-2022-31150",[89],[112],"Advisory",{"url":114,"sources":115,"tags":116},"https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259",[89],[94],{"url":118,"sources":119,"tags":120},"https://github.com/nodejs/undici",[89],[121],"PACKAGE",{"url":123,"sources":124,"tags":125},"https://security.netapp.com/advisory/ntap-20220915-0002",[89],[94],[],{"date":128,"score":79,"percentile":129},"2026-06-04",0.66611,[131,135,138,141,144,147,151,154,157,160,163,166,169,172,174,178,181,184,187,190,193,196,199,202,204,207,210,213,217,220,223,226,229,231,233,235,238,241,244,247,250,253,256,259,262,265,268,270,272,275,277,280,283,286,289,291,294,297,299,302,305,308,311,314,316,319,322,325,328,331,335,338,341,344,347,350,353,356,359,362,365,368,371,373,376,379,382,385,388,391],{"date":132,"score":133,"percentile":134},"2025-11-04",0.00962,0.75747,{"date":136,"score":133,"percentile":137},"2025-11-05",0.75743,{"date":139,"score":133,"percentile":140},"2025-11-06",0.7574,{"date":142,"score":133,"percentile":143},"2025-11-07",0.75756,{"date":145,"score":133,"percentile":146},"2025-11-08",0.75757,{"date":148,"score":149,"percentile":150},"2025-11-09",0.00619,0.69166,{"date":152,"score":149,"percentile":153},"2025-11-10",0.69157,{"date":155,"score":149,"percentile":156},"2025-11-11",0.69165,{"date":158,"score":149,"percentile":159},"2025-11-12",0.69187,{"date":161,"score":149,"percentile":162},"2025-11-13",0.69195,{"date":164,"score":149,"percentile":165},"2025-11-14",0.69203,{"date":167,"score":149,"percentile":168},"2025-11-15",0.692,{"date":170,"score":149,"percentile":171},"2025-11-16",0.69197,{"date":173,"score":149,"percentile":162},"2025-11-17",{"date":175,"score":176,"percentile":177},"2025-11-18",0.00386,0.5701,{"date":179,"score":176,"percentile":180},"2025-11-19",0.57027,{"date":182,"score":176,"percentile":183},"2025-11-20",0.57017,{"date":185,"score":149,"percentile":186},"2025-11-21",0.69219,{"date":188,"score":149,"percentile":189},"2025-11-22",0.69216,{"date":191,"score":149,"percentile":192},"2025-11-23",0.69205,{"date":194,"score":149,"percentile":195},"2025-11-24",0.69193,{"date":197,"score":149,"percentile":198},"2025-11-25",0.69196,{"date":200,"score":149,"percentile":201},"2025-11-26",0.69202,{"date":203,"score":149,"percentile":192},"2025-11-27",{"date":205,"score":149,"percentile":206},"2025-11-28",0.69194,{"date":208,"score":149,"percentile":209},"2025-11-29",0.69183,{"date":211,"score":149,"percentile":212},"2025-11-30",0.6918,{"date":214,"score":215,"percentile":216},"2025-12-01",0.00285,0.51671,{"date":218,"score":215,"percentile":219},"2025-12-02",0.51693,{"date":221,"score":215,"percentile":222},"2025-12-03",0.51694,{"date":224,"score":149,"percentile":225},"2025-12-04",0.69177,{"date":227,"score":149,"percentile":228},"2025-12-05",0.69192,{"date":230,"score":149,"percentile":171},"2025-12-06",{"date":232,"score":149,"percentile":195},"2025-12-07",{"date":234,"score":149,"percentile":198},"2025-12-08",{"date":236,"score":149,"percentile":237},"2025-12-09",0.69224,{"date":239,"score":149,"percentile":240},"2025-12-10",0.69267,{"date":242,"score":149,"percentile":243},"2025-12-11",0.6929,{"date":245,"score":149,"percentile":246},"2025-12-12",0.69317,{"date":248,"score":149,"percentile":249},"2025-12-13",0.69319,{"date":251,"score":149,"percentile":252},"2025-12-14",0.69323,{"date":254,"score":149,"percentile":255},"2025-12-15",0.69318,{"date":257,"score":149,"percentile":258},"2025-12-16",0.69326,{"date":260,"score":149,"percentile":261},"2025-12-17",0.69339,{"date":263,"score":149,"percentile":264},"2025-12-18",0.69369,{"date":266,"score":149,"percentile":267},"2025-12-19",0.69386,{"date":269,"score":149,"percentile":267},"2025-12-20",{"date":271,"score":149,"percentile":264},"2025-12-21",{"date":273,"score":149,"percentile":274},"2025-12-22",0.6937,{"date":276,"score":149,"percentile":274},"2025-12-23",{"date":278,"score":149,"percentile":279},"2025-12-24",0.69377,{"date":281,"score":149,"percentile":282},"2025-12-25",0.69403,{"date":284,"score":149,"percentile":285},"2025-12-26",0.69402,{"date":287,"score":149,"percentile":288},"2025-12-27",0.69447,{"date":290,"score":149,"percentile":279},"2025-12-28",{"date":292,"score":149,"percentile":293},"2025-12-29",0.69373,{"date":295,"score":149,"percentile":296},"2025-12-30",0.69385,{"date":298,"score":149,"percentile":285},"2025-12-31",{"date":300,"score":215,"percentile":301},"2026-01-01",0.51809,{"date":303,"score":215,"percentile":304},"2026-01-02",0.51785,{"date":306,"score":215,"percentile":307},"2026-01-03",0.51782,{"date":309,"score":149,"percentile":310},"2026-01-04",0.69406,{"date":312,"score":149,"percentile":313},"2026-01-05",0.69391,{"date":315,"score":149,"percentile":285},"2026-01-06",{"date":317,"score":149,"percentile":318},"2026-01-07",0.69415,{"date":320,"score":149,"percentile":321},"2026-01-08",0.69432,{"date":323,"score":149,"percentile":324},"2026-01-09",0.69437,{"date":326,"score":149,"percentile":327},"2026-01-10",0.69436,{"date":329,"score":149,"percentile":330},"2026-01-11",0.69428,{"date":332,"score":333,"percentile":334},"2026-01-12",0.0069,0.71239,{"date":336,"score":333,"percentile":337},"2026-01-13",0.71238,{"date":339,"score":333,"percentile":340},"2026-01-14",0.71261,{"date":342,"score":333,"percentile":343},"2026-01-15",0.71267,{"date":345,"score":333,"percentile":346},"2026-01-16",0.71283,{"date":348,"score":333,"percentile":349},"2026-01-17",0.71278,{"date":351,"score":333,"percentile":352},"2026-01-18",0.71254,{"date":354,"score":333,"percentile":355},"2026-01-19",0.71249,{"date":357,"score":333,"percentile":358},"2026-01-20",0.7126,{"date":360,"score":333,"percentile":361},"2026-01-21",0.71263,{"date":363,"score":333,"percentile":364},"2026-01-22",0.71274,{"date":366,"score":333,"percentile":367},"2026-01-23",0.71303,{"date":369,"score":333,"percentile":370},"2026-01-24",0.71308,{"date":372,"score":333,"percentile":346},"2026-01-25",{"date":374,"score":333,"percentile":375},"2026-01-26",0.71279,{"date":377,"score":333,"percentile":378},"2026-01-27",0.7128,{"date":380,"score":333,"percentile":381},"2026-01-28",0.713,{"date":383,"score":333,"percentile":384},"2026-01-29",0.71299,{"date":386,"score":333,"percentile":387},"2026-01-30",0.71306,{"date":389,"score":333,"percentile":390},"2026-01-31",0.71309,{"date":392,"score":393,"percentile":394},"2026-02-01",0.00301,0.53092,[396,403,406],{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":398,"baseSeverity":399,"vectorString":400,"impactScore":401,"exploitabilityScore":402},5.3,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",2.3,10,{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":404,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":399,"vectorString":84,"impactScore":405,"exploitabilityScore":402},4.2,{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":407,"cvss_v4_0":9},{"baseScore":398,"baseSeverity":9,"vectorString":400,"impactScore":401,"exploitabilityScore":402},[409,425],{"ecosystem":9,"name":410,"vendor":411,"product":410,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":413},"undici","nodejs","a",[414,421],{"version":415,"is_range":416,"range_type":88,"version_start":417,"version_start_type":418,"version_end":419,"version_end_type":420,"fixed_in":9},"\u003C v5.7.1, >= v5.8.0",true,"v5.8.0","including","v5.7.1","excluding",{"version":422,"is_range":416,"range_type":423,"version_start":9,"version_start_type":9,"version_end":424,"version_end_type":420,"fixed_in":9},"lt5.8.0","cpe","5.8.0",{"ecosystem":426,"name":410,"vendor":426,"product":410,"cpe_part":9,"purl_type":427,"purl_namespace":9,"purl_name":410,"source":9,"versions":428},"Npm","npm",[429],{"version":430,"is_range":416,"range_type":431,"version_start":9,"version_start_type":9,"version_end":424,"version_end_type":420,"fixed_in":9},"lt5_8_0","semver"]