21 matches found

Tenable Nessus
added 2025/03/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-30260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them...

CVSS 4.3, AI score 6.3, EPSS 0.00734
Exploits: 0, References: 3

Tenable Nessus
added 2025/02/10 12:0 a.m., 7 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

CVSS 4.3, AI score 6.4, EPSS 0.00734
Exploits: 0, References: 2

OpenVAS
added 2024/09/10 12:0 a.m., 13 views

Fedora: Security Advisory (FEDORA-2024-ad51aa23c3)

The remote host is missing an update for the...

CVSS 4.3, AI score 5, EPSS 0.00803
Exploits: 1, References: 5

Amazon
added 2024/08/15 12:0 a.m., 3 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This...

CVSS 6.5, AI score 6.9, EPSS 0.01155
Exploits: 1

IBM Security Bulletins
added 2024/08/08 3:45 p.m., 27 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )

Summary Node.js undici module is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-30261, CVE-2024-30260. Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with...

CVSS 4.3, AI score 4, EPSS 0.00803
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2024/08/06 12:0 a.m., 32 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-694)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-694 advisory. NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Prox...

CVSS 6.5, AI score 6.6, EPSS 0.01155
Exploits: 1, References: 8

Tenable Nessus
added 2024/07/02 12:0 a.m., 18 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

CVSS 4.3, AI score 6.4, EPSS 0.00734
Exploits: 0, References: 2

CBLMariner
added 2024/06/21 9:32 a.m., 14 views

CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.3, AI score 4.4, EPSS 0.00734
Exploits: 0

OpenVAS
added 2024/06/05 12:0 a.m., 18 views

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:1837-1)

The remote host is missing an update for the...

CVSS 4.3, AI score 5, EPSS 0.00803
Exploits: 1, References: 2

Tenable Nessus
added 2024/05/30 12:0 a.m., 24 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1836-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1836-1 advisory. - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline...

CVSS 4.3, AI score 6.5, EPSS 0.00803
Exploits: 1, References: 7

OpenVAS
added 2024/05/07 12:0 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2024:1309-1)

The remote host is missing an update for the...

CVSS 8.2, AI score 7.3, EPSS 0.87211
Exploits: 3, References: 8

CBLMariner
added 2024/05/06 5:48 p.m., 21 views

CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1

CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.3, AI score 4.9, EPSS 0.00734
Exploits: 0

Tenable Nessus
added 2024/04/29 12:0 a.m., 25 views

Fedora 40 : nodejs-undici (2024-a5dc987f91)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5dc987f91 advisory. Update to version 6.11.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 4.3, AI score 6.6, EPSS 0.00803
Exploits: 1, References: 3

IBM Security Bulletins
added 2024/04/23 2:14 p.m., 42 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality due to [CVE-2024-30260] [CVE-2024-30261]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when processing batches in Designer flows. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows that contain batch processes are vulnerable to loss of...

CVSS 4.3, AI score 4.2, EPSS 0.00803
Exploits: 1, Affected Software: 1

OpenVAS
added 2024/04/17 12:0 a.m., 18 views

openSUSE Security Advisory (SUSE-SU-2024:1301-1)

The remote host is missing an update for the...

CVSS 8.2, AI score 7.3, EPSS 0.87211
Exploits: 3, References: 8

OpenVAS
added 2024/04/17 12:0 a.m., 18 views

openSUSE Security Advisory (SUSE-SU-2024:1309-1)

The remote host is missing an update for the...

CVSS 8.2, AI score 7.3, EPSS 0.87211
Exploits: 3, References: 8

Tenable Nessus
added 2024/04/12 12:0 a.m., 27 views

Fedora 39 : nodejs-undici (2024-ad51aa23c3)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ad51aa23c3 advisory. Update to version 6.11.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 4.3, AI score 6.6, EPSS 0.00803
Exploits: 1, References: 3

Tenable Nessus
added 2024/04/12 12:0 a.m., 28 views

Fedora 38 : nodejs-undici (2024-6d9c1da54f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d9c1da54f advisory. Update to version 6.11.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 4.3, AI score 6.6, EPSS 0.00803
Exploits: 1, References: 3

OSV
added 2024/04/04 4:15 p.m., 6 views

AZL-39803 CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVSS 4.3, AI score 6.6, EPSS 0.00734
Exploits: 0, References: 1

Cvelist
added 2024/04/04 3:15 p.m., 28 views

CVE-2024-30260 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVSS 3.9, AI score 4.8, EPSS 0.00734
Exploits: 0, References: 6