Control: tag -1 confirmed On Wed, May 31, 2023 at 04:00:47PM +0400, Yadd wrote: > [ Reason ] > node-undici is vulnerable to: > * CVE-2023-23936: "Host" HTTP header isn't protected against CLRF injection > * CVE-2023-24807: Regex Denial of Service on headers set/append
Please update the changelog to mention the CVE identifiers; other than that, go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1