7 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-30261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as...
Medium: nodejs
Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This...
Fedora 38 : nodejs-undici (2024-6d9c1da54f)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d9c1da54f advisory. Update to version 6.11.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Improper Access Control
undici is vulnerable to Improper Access Control. This vulnerability is due to insufficient validation of the integrity option passed to the fetch function. If an attacker can manipulate the integrity option passed to the fetch method, the request will be accepted even if the request was tampered...
CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
CVE-2024-30261
CVE-2024-30261 affects Undici (the HTTP/1.1 client used by Node.js). The issue lets an attacker modify the integrity option passed to fetch(), causing fetch() to accept tampered requests. It has been patched in Undici versions 5.28.4 and 6.11.1. Affected Node.js ecosystems (via Undici) may need u...
CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...