11 matches found
Astra Linux - уязвимость в node-undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
AZL-39773 CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
DEBIAN-CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
AZL-39819 CVE-2024-30261 affecting package nodejs18 for versions less than 18.20.2-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
UBUNTU-CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
GHSA-9QXR-QJ54-H672 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...
Undici 安全漏洞
undici is an HTTP/1.1 client. A security vulnerability exists in Undici that stems from allowing an attacker to change the integrity option passed to fetch and allowing fetch to receive tampered requests. Affected products and versions: Undici versions prior to 5.28.3, 6.0.0 through 6.11.0...
PT-2024-2956 · Node.Js +3 · Undici +3
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.4 Undici versions prior to 6.11.1 Description: The issue is related to insufficient access control in the Undici HTTP/1.1 client for Node.js, allowing a remote attacker to execute arbitrary code by altering the...
Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity SRI checks being performed...