4173 matches found
AZL-39773 CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
DEBIAN-CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
AZL-39819 CVE-2024-30261 affecting package nodejs18 for versions less than 18.20.2-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
UBUNTU-CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261
CVE-2024-30261 affects Undici (the HTTP/1.1 client used by Node.js). The issue lets an attacker modify the integrity option passed to fetch(), causing fetch() to accept tampered requests. It has been patched in Undici versions 5.28.4 and 6.11.1. Affected Node.js ecosystems (via Undici) may need u...
CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...
GHSA-9QXR-QJ54-H672 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...
Undici 安全漏洞
undici is an HTTP/1.1 client. A security vulnerability exists in Undici that stems from allowing an attacker to change the integrity option passed to fetch and allowing fetch to receive tampered requests. Affected products and versions: Undici versions prior to 5.28.3, 6.0.0 through 6.11.0...
PT-2024-2956 · Node.Js +3 · Undici +3
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.4 Undici versions prior to 6.11.1 Description: The issue is related to insufficient access control in the Undici HTTP/1.1 client for Node.js, allowing a remote attacker to execute arbitrary code by altering the...
PT-2024-22797
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...
PT-2024-2954 · Node.Js +3 · Undici +3
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.4 Undici versions prior to 6.11.1 Description: The issue is related to the Undici HTTP/1.1 client for Node.js, which has a flaw in its authorization procedure. Specifically, Undici clears Authorization and...
Argo CD 安全漏洞
Argo CD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g. configuration in the Git repository, automatically synchronizing and deploying...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2022-32932 : ZinComputeProgramUpdateMutables OOB write d...
CVE-2024-22025
A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...
CVE-2024-27439
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...
CVE-2024-27439
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch...