From 875f4031c6684e1bcb2cd79d562d20a3f6b3b9f5 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Mon, 6 Nov 2023 14:09:02 +0000 Subject: [PATCH] blog: update CVE-2023-45143 severity score This was wrongly assessed in H1. --- pages/en/blog/vulnerability/october-2023-security-releases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/en/blog/vulnerability/october-2023-security-releases.md b/pages/en/blog/vulnerability/october-2023-security-releases.md index da3e389f6914b..b57fecf5deb39 100644 --- a/pages/en/blog/vulnerability/october-2023-security-releases.md +++ b/pages/en/blog/vulnerability/october-2023-security-releases.md @@ -11,7 +11,7 @@ author: Rafael Gonzaga Updates are now available for the v18.x and v20.x Node.js release lines for the following issues. -## undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (High) - (CVE-2023-45143) +## undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (Low) - (CVE-2023-45143) Undici did not always clear Cookie headers on cross-origin redirects. By design, cookie headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch.
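Review bot: the hunk only swaps "(High)" for "(Low)" in the heading of an already-published post, with no note in the body explaining that the severity was revised; readers who saw the original rating have no way to tell from the page that the score was reassessed rather than mis-typed. Suggest adding a short update line under the heading, for example "Update (2023-11-06): the severity of CVE-2023-45143 was revised from High to Low after reassessment", and, since the commit message says the original assessment came from H1, citing the advisory or score that supports the new rating so the change is traceable from the post itself.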