Node.js · Undici · CVE-2024-24758
**Name of the Vulnerable Software and Affected Versions**
Undici versions prior to 5.28.3
Undici versions prior to 6.6.1
**Description**
The Undici HTTP/1.1 client for Node.js did not clear `Proxy-Authentication` headers on cross-origin redirects, although it already cleared `Authorization` headers in that case. The issue is classified as insufficient protection of service data caused by this incorrect header clearing. It could allow a remote attacker to elevate their privileges. There are no known workarounds for this issue.
**Recommendations**
For versions prior to 5.28.3, upgrade to version 5.28.3 or later.
For versions prior to 6.6.1, upgrade to version 6.6.1 or later.
As a temporary workaround, consider disabling the use of `Proxy-Authentication` headers in the Undici client until a patch is applied.
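The following JavaScript is an added example, not Undici's own code: it shows the header handling the description refers to, dropping credential headers when a redirect target has a different origin than the original request. The function names, header list and sample URLs are assumptions made for illustration; the list includes both the `Proxy-Authentication` name used in this advisory and the standard `Proxy-Authorization` request header.

```javascript
// Added example, not Undici's code: decide which request headers may follow
// a redirect. Credential headers are dropped when the origin changes.
// Assumption: the advisory names `Proxy-Authentication`; the standard request
// header that carries proxy credentials is `Proxy-Authorization`, so both are listed.
const CREDENTIAL_HEADERS = new Set([
  'authorization',
  'proxy-authorization',
  'proxy-authentication',
]);

// Resolve the Location value against the current URL and compare origins
// (scheme + host + port). Relative Location values stay same-origin.
function isCrossOrigin(currentUrl, location) {
  const from = new URL(currentUrl);
  const to = new URL(location, from);
  return from.origin !== to.origin;
}

// Return the headers allowed on the redirected request.
// `headers` is a plain object; names are matched case-insensitively.
function headersForRedirect(headers, currentUrl, location) {
  if (!isCrossOrigin(currentUrl, location)) return { ...headers };
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!CREDENTIAL_HEADERS.has(name.toLowerCase())) kept[name] = value;
  }
  return kept;
}

// Constructed sample request headers (values are placeholders).
const sampleHeaders = {
  Accept: 'application/json',
  Authorization: 'Bearer EXAMPLE-TOKEN',
  'Proxy-Authorization': 'Basic EXAMPLE-CREDENTIAL',
};

// Run both cases against constructed URLs and report which header names survive.
function demo() {
  const base = 'https://api.example.test/v1/a';
  const same = headersForRedirect(sampleHeaders, base, '/v1/b');
  const cross = headersForRedirect(sampleHeaders, base, 'https://other.example.test/b');
  return { sameOrigin: Object.keys(same), crossOrigin: Object.keys(cross) };
}

console.log(demo());
```

A change of scheme or port alone also counts as a different origin here, so a redirect from `https` to `http` on the same host drops the credential headers as well.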