
323 matches found

Amazon
added 2026/04/01 12:0 a.m., 5 views

Important: nodejs24

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8 CVSS, 7 AI score, 0.0115 EPSS
Exploits: 0

Amazon
added 2026/04/01 12:0 a.m., 6 views

Important: nodejs20

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8 CVSS, 7.2 AI score, 0.0115 EPSS
Exploits: 0

Amazon
added 2026/04/01 12:0 a.m., 7 views

Important: nodejs22

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8 CVSS, 7.2 AI score, 0.0115 EPSS
Exploits: 0

IBM Security Bulletins
added 2026/03/23 3:13 p.m., 9 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary: Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1. Vulnerability Details: CVEID: CVE-2026-1525. DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-lengt...

9.8 CVSS, 6 AI score, 0.0115 EPSS
Exploits: 2, Affected Software: 1

Github Security Blog
added 2026/03/18 6:31 a.m., 7 views

Keycloak: Denial of Service due to excessive SAMLRequest decompression

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application-level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryErro...

5.3 CVSS, 5.8 AI score, 0.00502 EPSS
Exploits: 0, References: 8, Affected Software: 3

OSV
added 2026/03/13 8:41 p.m., 2 views

GHSA-VRM6-8VPV-QV8Q Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

Description: The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforci...

7.5 CVSS, 5.8 AI score, 0.0115 EPSS
Exploits: 0, References: 7

EUVD
added 2026/03/13 8:41 p.m., 2 views

EUVD-2026-11699

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression...

7.5 CVSS, 5.8 AI score, 0.0115 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2026/03/13 8:41 p.m., 9 views

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

Description: The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforci...

7.5 CVSS, 5.8 AI score, 0.0115 EPSS
Exploits: 0, References: 7, Affected Software: 1

EUVD
added 2026/03/13 8:41 p.m., 4 views

EUVD-2026-11704

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation...

7.5 CVSS, 5.8 AI score, 0.00874 EPSS
Exploits: 0, References: 6

OSV
added 2026/03/13 8:41 p.m., 9 views

GHSA-V9P9-HFJ2-HCW8 Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression....

7.5 CVSS, 5.7 AI score, 0.00874 EPSS
Exploits: 0, References: 7

Github Security Blog
added 2026/03/13 8:41 p.m., 10 views

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression....

7.5 CVSS, 5.7 AI score, 0.00874 EPSS
Exploits: 0, References: 7, Affected Software: 1

Tenable Nessus
added 2026/03/13 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1526

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSock...

7.5 CVSS, 6.9 AI score, 0.0115 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/03/13 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-2229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the...

7.5 CVSS, 6.8 AI score, 0.00874 EPSS
Exploits: 0, References: 3

Snyk
added 2026/03/12 10:39 p.m., 4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the PerMessageDeflate.decompress method of the permessage-deflate extension. An attacker...

8.7 CVSS, 5.8 AI score, 0.0115 EPSS
Exploits: 0, References: 2

Snyk
added 2026/03/12 10:39 p.m., 3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the PerMessageDeflate.decompress method of the permessage-deflate extension. An attacker can cause...

8.7 CVSS, 5.8 AI score, 0.0115 EPSS
Exploits: 0, References: 2

Snyk
added 2026/03/12 10:39 p.m., 6 views

Uncaught Exception

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Uncaught Exception through improper validation of the server_max_window_bits parameter in the permessage-deflate extension. An attacker can cause the process...

8.7 CVSS, 5.8 AI score, 0.00874 EPSS
Exploits: 0, References: 2

Snyk
added 2026/03/12 10:39 p.m., 2 views

Uncaught Exception

Overview: undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Uncaught Exception through improper validation of the server_max_window_bits parameter in the permessage-deflate extension. An attacker can cause the process to terminate...

8.7 CVSS, 5.8 AI score, 0.00874 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/03/12 10:23 p.m., 5 views

CVE-2026-1526

A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to...

7.5 CVSS, 5.7 AI score, 0.0115 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2026/03/12 10:23 p.m., 4 views

CVE-2026-2229

A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid server_max_window_bits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...

7.5 CVSS, 5.7 AI score, 0.00874 EPSS
Exploits: 0, References: 8

OSV
added 2026/03/12 9:16 p.m., 3 views

DEBIAN-CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5 CVSS, 7.5 AI score, 0.00874 EPSS
Exploits: 0, References: 1