Node.Js · Undici · CVE-2022-31150
**Name of the Vulnerable Software and Affected Versions**
undici versions less than 5.7.1
**Description**
The issue allows injecting CRLF sequences into request headers in undici, an HTTP/1.1 client for Node.js. This can be achieved by manipulating the `headers`, `path`, and `method` parameters. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a potential workaround. A fix was released in version 5.8.0.
**Recommendations**
For versions less than 5.7.1, update to version 5.8.0 to resolve the issue.
As a temporary workaround, consider sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` until a patch is applied.
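
One way to apply the workaround before request options reach the client, shown as an added example that is not code from undici or from this advisory. The helper names are hypothetical, and rejecting (rather than stripping) CR/LF in `path` and `method` is an assumption that goes beyond the header-only workaround described above.

```javascript
// Added example; helper names are hypothetical and not part of undici's API.
const CRLF_ALL = /[\r\n]/g;

// Remove every CR and LF from one header name or value.
function stripCrlf(value) {
  return String(value).replace(CRLF_ALL, '');
}

// Copy `headers`, removing CR/LF from each name and value.
// Array values (repeated headers) are cleaned element by element.
function sanitizeHeaders(headers) {
  const clean = {};
  for (const [name, value] of Object.entries(headers || {})) {
    if (value == null) continue;        // skip unset headers
    const cleanName = stripCrlf(name);
    if (cleanName === '') continue;     // nothing left of the name: drop it
    clean[cleanName] = Array.isArray(value) ? value.map(stripCrlf) : stripCrlf(value);
  }
  return clean;
}

// Assumption: `path` and `method` form the request line, so a CR/LF there
// is treated as an error instead of being silently repaired.
function assertNoCrlf(label, value) {
  if (/[\r\n]/.test(String(value))) throw new TypeError(`${label} contains CR or LF`);
  return value;
}

// Return request options that are free of CR/LF in the three affected parameters.
function sanitizeRequestOptions(opts) {
  return {
    ...opts,
    method: assertNoCrlf('method', opts.method ?? 'GET'),
    path: assertNoCrlf('path', opts.path ?? '/'),
    headers: sanitizeHeaders(opts.headers),
  };
}

// Constructed sample input standing in for values taken from an untrusted source.
const untrusted = {
  method: 'GET',
  path: '/profile',
  headers: {
    'x-display-name': 'alice\r\nX-Injected: 1',
    accept: ['text/html', 'application/json\n'],
  },
};
console.log(sanitizeRequestOptions(untrusted).headers);
```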