
CVE-2022-31150: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in nodejs undici

Medium
Published: Tue Jul 19 2022 (07/19/2022, 20:40:10 UTC)
Source: CVE
Vendor/Project: nodejs
Product: undici

Description

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue.

AI-Powered Analysis

Last updated: 06/22/2025, 00:13:22 UTC

Technical Analysis

CVE-2022-31150 is classified under CWE-93, improper neutralization of CRLF (Carriage Return Line Feed) sequences, commonly known as CRLF injection. It affects undici, the HTTP/1.1 client library for Node.js written from scratch for performance, in versions prior to 5.7.1. A fix was released in version 5.8.0.

HTTP/1.1 delimits header lines with `\r\n`. Affected undici versions did not neutralize CR and LF characters in header values before writing them to the connection, so a value taken from untrusted input (a query parameter, a form field, a value copied from an inbound request) could carry its own line breaks. Because undici is the client, the injected bytes land in the outbound request to whatever server the application is talking to: an attacker who controls a header value can add headers the application never set (request header injection), or, by appending a full request line and headers, cause the connection to carry a second request the application did not intend (request splitting). Which of these is reachable depends on where the application places untrusted data in its outgoing headers.

The recommended workaround for versions that cannot be upgraded is to sanitize all HTTP headers from untrusted sources so that no `\r\n` sequence reaches undici. There are no known exploits in the wild reported for this vulnerability, and no direct patch links were provided in the source information. The vulnerability was publicly disclosed on July 19, 2022, and has been enriched by CISA for awareness. Given that undici is widely used in Node.js environments, any Node.js application or service that runs a vulnerable version and builds outgoing headers from untrusted input without sanitization is exposed.

Potential Impact

For European organizations, the impact of this vulnerability depends on how widely undici is used in their Node.js applications and on whether untrusted input ever reaches outgoing header values. If exploited, an attacker can inject headers into requests the application sends to other systems: for example, spoofing internal forwarding or authentication headers toward a backend or API the application is trusted by, or splitting the connection so that a second, attacker-chosen request is sent on the application's behalf. Where the fetched response is then served to users or stored in a cache, the same primitive can lead to cache poisoning, cross-site scripting (XSS), or redirection to malicious sites. This can compromise the confidentiality and integrity of web applications and potentially lead to data leakage or unauthorized access; malformed requests can also disrupt availability of the services the application depends on. Organizations in sectors such as finance, healthcare, e-commerce, and government, which rely heavily on web applications and APIs built with Node.js, could face reputational damage, regulatory penalties (e.g., GDPR violations), and operational disruptions if this vulnerability is exploited. The lack of known exploits in the wild suggests a lower immediate risk, but exploitation is straightforward wherever untrusted input is not sanitized before being used in a header. Given the widespread adoption of Node.js in modern web development across Europe, the vulnerability poses a moderate risk that warrants timely mitigation.

Mitigation Recommendations

1. Upgrade undici to version 5.8.0 or later to apply the official fix for this vulnerability.
2. Validate all HTTP header names and values derived from untrusted sources at the application layer, before they are passed to undici, and reject (or, as the advisory's workaround, strip) any `\r` or `\n` characters.
3. Audit all Node.js applications and services to identify usage of undici and verify the version in use, including transitive dependencies (`npm ls undici` shows where it is pulled in).
4. Where a web application firewall (WAF) fronts the application, enable rules that detect CR/LF sequences and header injection patterns in inbound parameters, since those parameters are the usual source of injected header values.
5. Monitor application logs for unusual HTTP header patterns or anomalies that could indicate attempted exploitation.
6. Educate development teams on secure coding practices for HTTP header handling and the risks of CRLF injection.
7. For organizations using third-party Node.js modules or frameworks that depend on undici, ensure those dependencies are also updated to versions that include the fix.
8. Consider Content Security Policy (CSP) headers and other browser security mechanisms to limit the impact of XSS that could result from a poisoned or split response.
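The following is an added illustration of the injection described in the technical analysis and of the validation recommended in mitigation item 2. It is not undici's code: the serializer below is a minimal stand-in for how any HTTP/1.1 client writes headers to the wire, the header-name and header-value character classes are taken from the RFC 9110 grammar, and the tainted input is a constructed example of a value an application might copy from a query parameter into an outbound header.

```javascript
// Added example (not undici's code). Shows how an unneutralised header value
// changes the bytes of an HTTP/1.1 request, and the checks that prevent it.

// Serialise a request the way an HTTP/1.1 client does: each header becomes
// one "Name: value\r\n" line. No validation, to mirror the bug class.
function serializeRequestUnsafe(method, path, headers) {
  let raw = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of Object.entries(headers)) {
    raw += `${name}: ${value}\r\n`;
  }
  return raw + '\r\n';
}

// RFC 9110 field-name is a "token": these ASCII characters only.
const INVALID_HEADER_NAME = /[^!#$%&'*+\-.^_`|~0-9A-Za-z]/;
// RFC 9110 field-value: HTAB, visible ASCII, SP and obs-text (0x80-0xFF).
// CR, LF and NUL are never valid, so rejecting them closes the injection.
const INVALID_HEADER_VALUE = /[^\t\x20-\x7e\x80-\xff]/;

function assertSafeHeader(name, value) {
  if (INVALID_HEADER_NAME.test(name)) {
    throw new TypeError(`Invalid header name: ${JSON.stringify(name)}`);
  }
  const v = String(value);
  if (INVALID_HEADER_VALUE.test(v)) {
    throw new TypeError(`Invalid character in value of header "${name}"`);
  }
  return v;
}

// Hardened form: every header is checked before it reaches the serializer.
function serializeRequestSafe(method, path, headers) {
  const checked = {};
  for (const [name, value] of Object.entries(headers)) {
    checked[name] = assertSafeHeader(name, value);
  }
  return serializeRequestUnsafe(method, path, checked);
}

// The advisory's workaround: strip CR/LF instead of failing the request.
// Rejecting is preferable because a stripped value is silently changed.
function stripCrlf(value) {
  return String(value).replace(/[\r\n]+/g, '');
}

// Count header lines in a serialised request (request line excluded), so the
// extra line introduced by the injection is visible as a number.
function countHeaderLines(raw) {
  const [head] = raw.split('\r\n\r\n');
  return head.split('\r\n').length - 1;
}

// Constructed attacker-controlled value, e.g. a query parameter the
// application copies into an Accept-Language header on an outbound call.
const TAINTED = 'en-GB\r\nX-Forwarded-For: 127.0.0.1';

function demo() {
  const unsafe = serializeRequestUnsafe('GET', '/api', { 'Accept-Language': TAINTED });
  // unsafe now carries an X-Forwarded-For line the caller never wrote.
  let rejected = false;
  try {
    serializeRequestSafe('GET', '/api', { 'Accept-Language': TAINTED });
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  const stripped = serializeRequestSafe('GET', '/api', {
    'Accept-Language': stripCrlf(TAINTED),
  });
  return {
    unsafeHeaderLines: countHeaderLines(unsafe),
    rejected,
    strippedHeaderLines: countHeaderLines(stripped),
  };
}
```

Run `demo()` with `node`: the unsanitised request carries two header lines where the caller wrote one, the checked serializer throws a `TypeError`, and the stripped value yields a single (altered) header. Node's core `http` module applies the same value rule and throws `ERR_INVALID_CHAR` for such values; the point of the advisory is that affected undici versions did not.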


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-05-18T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9849c4522896dcbf6700

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/22/2025, 12:13:22 AM

Last updated: 8/4/2025, 9:32:47 PM
