Lucene search
K

385 matches found

UbuntuCve
UbuntuCve
added 2024/04/04 3:15 p.m.25 views

CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

3.5CVSS6.7AI score0.00803EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/04/04 3:9 p.m.16 views

CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

2.6CVSS7.2AI score0.00803EPSS
Exploits1References7
CVE
CVE
added 2024/04/04 3:9 p.m.128 views

CVE-2024-30261

CVE-2024-30261 affects Undici (the HTTP/1.1 client used by Node.js). The issue lets an attacker modify the integrity option passed to fetch(), causing fetch() to accept tampered requests. It has been patched in Undici versions 5.28.4 and 6.11.1. Affected Node.js ecosystems (via Undici) may need u...

3.5CVSS4.2AI score0.00803EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2024/04/04 3:9 p.m.22 views

CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

2.6CVSS4.4AI score0.00803EPSS
Exploits1References7
OSV
OSV
added 2024/04/04 3:9 p.m.26 views

CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

2.6CVSS6.4AI score0.00803EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2024/04/04 3:9 p.m.24 views

CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

3.5CVSS6AI score0.00803EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.40 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-568 advisory. NOTE: https://nodejs.org/en/blog/release/v18.19.1NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.xNOTE:...

6.5CVSS6.8AI score0.01309EPSS
Exploits0References8
Fedora
Fedora
added 2024/03/07 10:33 p.m.27 views

[SECURITY] Fedora 40 Update: httpcomponents-client-4.5.14-8.fc40

HttpClient is a HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It also provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. HttpComponents Client is a successor of and replacement for Commons HttpClient...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
OSV
OSV
added 2024/03/06 11:9 a.m.42 views

BIT-ZOOKEEPER-2021-21295 Possible request smuggling in HTTP/2 due missing validation

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...

5.9CVSS6.8AI score0.18891EPSS
Exploits0References92
OSV
OSV
added 2024/03/06 11:1 a.m.29 views

BIT-NODE-2023-23936 CRLF Injection in Nodejs ‘undici’ via host

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS6.7AI score0.01129EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:0 a.m.19 views

BIT-ENVOY-2020-12605

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs...

7.5CVSS7.5AI score0.01448EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.29 views

openSUSE: Security Advisory for squid (SUSE-SU-2023:4380-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.5AI score0.85944EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/01 12:0 a.m.45 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:0731-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0731-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...

7.5CVSS6.7AI score0.03168EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.31 views

CentOS 9 : nodejs-16.19.1-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.19.1-1.el9 build changelog. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values...

8.6CVSS7AI score0.02209EPSS
Exploits4References8
NVD
NVD
added 2024/02/16 10:15 p.m.24 views

CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

4.5CVSS5.5AI score0.00765EPSS
Exploits0References4
NVD
NVD
added 2024/02/16 10:15 p.m.38 views

CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

6.5CVSS6.7AI score0.007EPSS
Exploits0References3
Prion
Prion
added 2024/02/16 10:15 p.m.22 views

Authorization

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

4.3CVSS7AI score0.00765EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/02/16 10:15 p.m.15 views

CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

6.5CVSS6.6AI score0.007EPSS
Exploits0References4
Prion
Prion
added 2024/02/16 10:15 p.m.13 views

Memory corruption

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

4.3CVSS7AI score0.007EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/16 9:42 p.m.50 views

CVE-2024-24750 Backpressure request ignored in fetch() in Undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

6.5CVSS6.5AI score0.007EPSS
Exploits0References3
Rows per page
Query Builder