Lucene search

CVE-2024-30261

🗓️ 04 Apr 2024 15:39:15Reported by GitHub_MType

Undici HTTP/1.1 client vulnerability patched in version(s) 5.28.4 and 6.11.

Reporter	Title	Published	Views	Family All 45
Debian CVE	CVE-2024-30261	4 Apr 202415:15	–	debiancve
CBLMariner	CVE-2024-30261 affecting package nodejs18 for versions less than 18.20.2-1	6 May 202417:48	–	cbl_mariner
CBLMariner	CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1	21 Jun 202409:32	–	cbl_mariner
NVD	CVE-2024-30261	4 Apr 202415:15	–	nvd
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	17 Sep 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality due to [CVE-2024-30260] [CVE-2024-30261]	23 Apr 202414:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2024-30260, CVE-2024-30261)	21 Jun 202415:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )	8 Aug 202415:45	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	14 Aug 202409:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities	21 May 202409:37	–	ibm

Nvd

Vulners

Vulnrichment

Node

nodejs undiciRange<5.28.4node.js

nodejs undiciRange6.0.0–6.11.1node.js

Node

fedoraproject fedoraMatch38

fedoraproject fedoraMatch39

fedoraproject fedoraMatch40

[
  {
    "vendor": "nodejs",
    "product": "undici",
    "versions": [
      {
        "version": ">= 6.0.0, < 6.11.1",
        "status": "affected"
      },
      {
        "version": "< 5.28.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
github	www.github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
github	www.github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
hackerone	www.hackerone.com/reports/2377760
github	www.github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Apr 2024 15:15Current

4.2Medium risk

Vulners AI Score4.2

CVSS32.6 - 3.5

EPSS0.00071

SSVC

CWE-284