Node.js Module Undici 7.17.x < 7.24.0 DoS

The nodejs module Undici detected on the host is version 7.17.x prior to 7.24.0. It is, therefore, affected by a denial of service vulnerability. When the deduplication interceptor is enabled, response data for deduplicated requests is accumulated in memory for downstream handlers. An...

Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

DEBIAN-CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

CVE-2026-2581

Undici (deduplication interceptor) is affected by CVE-2026-2581: when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers, especially with large or chunked responses and concurrent identical requests, causing high m...

PT-2026-25067

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...