
308 matches found

OSV
added 2024/07/09 1:32 p.m. · 2 views

GHSA-3G92-W8C5-73PQ Undici vulnerable to data leak when using response.arrayBuffer()

Impact: Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node.js process. Patches: This has been patched in v6.19.2. Workarounds: There are no known workarounds. References: https://github.com/nodejs/undici/issues/3337...

CVSS 2 · AI score 5.8 · EPSS 0.00355
Exploits 0 · References 7

Positive Technologies
added 2024/07/08 12:0 a.m. · 2 views

PT-2024-27966 · Node.Js · Undici

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 6.19.2 Description: Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node....

CVSS 2 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 17

OSV
added 2024/05/10 9:39 p.m. · 27 views

GO-2024-2800 Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository's HEAD reference of its default branch by passing arguments to the Git binary on the host...

CVSS 9.8 · AI score 9.2 · EPSS 0.02482
Exploits 0 · References 3

OpenVAS
added 2024/04/17 12:0 a.m. · 17 views

openSUSE Security Advisory (SUSE-SU-2024:1309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.2 · AI score 7.3 · EPSS 0.75933
Exploits 3 · References 8

Cvelist
added 2024/04/04 3:9 p.m. · 14 views

CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVSS 2.6 · AI score 4.4 · EPSS 0.00066
Exploits 1 · References 7

Github Security Blog
added 2024/04/04 2:20 p.m. · 52 views

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Impact: If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered with. Patches: Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes have been released in v5.28.4 and v6.11.1...

CVSS 3.5 · AI score 6.5 · EPSS 0.00066
Exploits 1 · References 10 · Affected Software 1

Veracode
added 2024/02/19 6:11 a.m. · 15 views

Denial Of Service (DoS)

Undici is vulnerable to Denial of Service (DoS). The vulnerability is caused by calling fetch(url) and not consuming the incoming body, or consuming it very slowly. This potentially leads to Denial of Service (DoS) attacks...

CVSS 6.5 · AI score 6.7 · EPSS 0.00351
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2024/02/16 4:2 p.m. · 133 views

Undici proxy-authorization header not cleared on cross-origin redirect in fetch

Impact: Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches: This is patched in v5.28.3 and v6.6.1. Workarounds: There are no known workarounds. References: - https://fetch.spec.whatwg.org/authentication-entries -...

CVSS 4.5 · AI score 7.1 · EPSS 0.00278
Exploits 0 · References 9 · Affected Software 1

OSV
added 2024/02/16 4:2 p.m. · 0 views

GHSA-3787-6PRV-H9W3 Undici proxy-authorization header not cleared on cross-origin redirect in fetch

Impact: Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches: This is patched in v5.28.3 and v6.6.1. Workarounds: There are no known workarounds. References: - https://fetch.spec.whatwg.org/authentication-entries -...

CVSS 3.9 · AI score 6.8 · EPSS 0.00278
Exploits 0 · References 9

Github Security Blog
added 2024/02/16 3:59 p.m. · 123 views

fetch(url) leads to a memory leak in undici

Impact: Calling fetch(url) and not consuming the incoming body, or consuming it very slowly, will lead to a memory leak. Patches: Patched in v6.6.1. Workarounds: Make sure to always consume the incoming body...

CVSS 6.5 · AI score 7 · EPSS 0.00351
Exploits 0 · References 6 · Affected Software 1

OpenVAS
added 2024/02/16 12:0 a.m. · 21 views

Node.js 18.x < 18.19.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; if(description)...

CVSS 7.5 · AI score 7.2 · EPSS 0.03331
Exploits 1 · References 7

Metasploit
added 2024/02/14 7:51 p.m. · 175 views

SMB Fetch, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

AI score 5.9
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 246 views

SMB Fetch, Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...

AI score 6
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 157 views

SMB Fetch, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and se...

AI score 5.9
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 203 views

SMB Fetch, Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager

Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shell/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set...

AI score 5.9
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 169 views

SMB Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

AI score 5.9
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 191 views

SMB Fetch, Windows Meterpreter Shell, Reverse TCP Inline (IPv6) (x64)

Fetch and execute an x64 payload from an SMB server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/smb/x64/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...

AI score 6
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 158 views

SMB Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/smb/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

AI score 5.9
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 201 views

SMB Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/custom/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show...

AI score 5.9
Exploits 0

Metasploit
added 2024/02/14 7:51 p.m. · 141 views

SMB Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show option...

AI score 5.9
Exploits 0