CVSS 3.1 Score 3.9 of 10 (low)


Published Oct 12, 2023
Updated: Feb 16, 2024
CWE ID 200


CVE-2023-45143 affects Undici, an HTTP/1.1 client for Node.js, in versions prior to 5.26.2. The vulnerability can accidentally leak cookies to a third-party site or to a malicious attacker who can control the redirection target. This occurs because Undici does not clear Cookie headers on cross-origin redirects, even though they are forbidden request headers. The danger to organizations is that sensitive cookie information could be exposed, posing a risk to user privacy and potentially enabling unauthorized access to accounts. The vulnerability was patched in version 5.26.2, and there are no known workarounds.
