Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitHub_MCVE-2024-38372
HistoryJul 08, 2024 - 9:15 p.m.

CVE-2024-38372

2024-07-0821:15:12
CWE-201
GitHub_M
web.nvd.nist.gov
30
undici
http/1.1
memory leak
node.js
patch

CVSS3

2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0

Percentile

15.8%

JSON

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch() request, response.arrayBuffer() might include portion of memory from the Node.js process. This has been patched in v6.19.2.

Affected configurations

Vulners
Vulnrichment
Node
nodejsundiciRange6.14.06.19.2
VendorProductVersionCPE
nodejsundici*cpe:2.3:a:nodejs:undici:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "nodejs",
    "product": "undici",
    "versions": [
      {
        "version": ">= 6.14.0, < 6.19.2",
        "status": "affected"
      }
    ]
  }
]

Related

osv 2
nessus 1
github 1
cvelist 1
ibm 1
debiancve 1
veracode 1
vulnrichment 1
nvd 1
ubuntucve 1
osv
osv
Undici vulnerable to data leak when using response.arrayBuffer()
2024-07-09 13:32:30
CVE-2024-38372
2024-07-08 21:15:12
nessus
nessus
Node.js Module Undici < 6.19.2 Information Disclosure
2024-07-26 00:00:00
github
github
Undici vulnerable to data leak when using response.arrayBuffer()
2024-07-09 13:32:30
cvelist
cvelist
CVE-2024-38372 Undici vulnerable to data leak when using response.arrayBuffer()
2024-07-08 20:25:59
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer Flows containing event nodes are vulnerable to loss of confidentiality [CVE-2024-38372]
2024-08-01 15:04:06
debiancve
debiancve
CVE-2024-38372
2024-07-08 21:15:12
veracode
veracode
Memory Disclosure
2024-07-09 05:51:54
vulnrichment
vulnrichment
CVE-2024-38372 Undici vulnerable to data leak when using response.arrayBuffer()
2024-07-08 20:25:59
nvd
nvd
CVE-2024-38372
2024-07-08 21:15:12
ubuntucve
ubuntucve
CVE-2024-38372
2024-07-08 00:00:00

CVSS3

2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0

Percentile

15.8%

JSON
Related for CVE-2024-38372
osv2nessus1github1cvelist1ibm1debiancve1veracode1vulnrichment1nvd1ubuntucve1