Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/17 6:22 p.m.9 views

Permissive List of Allowed Inputs

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcement by crafting a...

8.3CVSS5.9AI score0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 4:20 p.m.53 views

CVE-2026-9675

The CVE-2026-9675 issue affects the undici WebSocket client (new WebSocket(...)) where per-frame maxPayloadSize is enforced but the cumulative size of fragmented, uncompressed messages is not. A attacker-controlled WebSocket endpoint can stream many small fragments that pass per-frame validation ...

7.5CVSS5.3AI score0.00426EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.13 views

TencentOS Server 4: nodejs20 (TSSA-2026:0186)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0186 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.0115EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 8:21 p.m.6 views

CVE-2026-1528 undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7AI score0.00488EPSS
Exploits0References24
Snyk
Snyk
added 2026/03/12 8:21 p.m.4 views

Uncaught Exception

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Uncaught Exception in the ByteParser when handling a specially crafted WebSocket frame with an extremely large 64-bit length. An attacker can cause the process to termina...

8.7CVSS5.8AI score0.00488EPSS
Exploits0References2
Rows per page
Query Builder