3 matches found
CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include portion of memory from the Node.js process. This has been patched in v6.19.2...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer Flows containing event nodes are vulnerable to loss of confidentiality [CVE-2024-38372]
Summary Node.js undici module is used by IBM App Connect Enterprise Certified Container for HTTP calls. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer flows that contain event nodes are vulnerable to loss of confidentiality. This...
Node.js Module Undici < 6.19.2 Information Disclosure
The nodejs module Undici detected on the host is prior to version 6.19.2. It is, therefore, affected by an information disclosure vulnerability. An authenticated, remote attacker can exploit this to obtain a portion of memory from the Node.js process. Note that Nessus has not tested for these...