Lucene search
K

22 matches found

OSV
OSV
added 2026/06/17 6:18 p.m.6 views

UBUNTU-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:16 p.m.11 views

CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS0.0057EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.17 views

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS7AI score0.00493EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-0154

Malicious code in bioql PyPI...

6.8CVSS6.2AI score0.00736EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.4 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-47279)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47279 advisory. - Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applicatio...

3.1CVSS6.3AI score0.00254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.14 views

TencentOS Server 3: nodejs:18 (TSSA-2023:0256)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0256 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.7 views

CVE-2024-38372

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include portion of memory from the Node.js process. This has been patched in v6.19.2...

2CVSS6.8AI score0.00471EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-24758

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear...

4.5CVSS6.7AI score0.00765EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/14 12:0 a.m.19 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-22150)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22150 advisory. - Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and...

6.8CVSS6.4AI score0.00736EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/05 12:0 a.m.13 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-822 advisory. Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is...

7.7CVSS6.5AI score0.01282EPSS
Exploits0References8
OSV
OSV
added 2025/01/21 5:46 p.m.18 views

CVE-2025-22150 Undici Uses Insufficiently Random Values

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8CVSS6.2AI score0.00736EPSS
Exploits0References9
Redos
Redos
added 2024/09/16 12:0 a.m.14 views

ROS-20240916-03

A vulnerability in the Node.js software platform is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to disable the validation of the integrity A vulnerability in the APIgenerateKeys function of the Node.js software platform is...

9.8CVSS8.1AI score0.02209EPSS
Exploits2
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.4 views

undici Security breach

undici is an HTTP/1.1 client. A security vulnerability exists in undici version 6.14.0 through versions prior to 6.19.2, which stems from the response.arrayBuffer function potentially containing portions of memory from a Node.js process...

2CVSS6.7AI score0.00471EPSS
Exploits0References6
Amazon
Amazon
added 2024/05/03 12:0 a.m.9 views

Important: nodejs20

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...

8.2CVSS6.7AI score0.87211EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.88 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-544)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-544 advisory. 2024-03-13: CVE-2024-22025 was added to this advisory. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file...

9.8CVSS6.6AI score0.03168EPSS
Exploits0References18
Amazon
Amazon
added 2023/11/03 12:0 a.m.3 views

Important: nodejs

Issue Overview: When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability...

7.5CVSS6.8AI score0.01223EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/27 12:0 a.m.67 views

SUSE SLES15 Security Update : nodejs18 (SUSE-SU-2023:4207-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4207-1 advisory. - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References13
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.46 views

Fedora 37 : nodejs18 (2023-e9c04d81c1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9c04d81c1 advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

7.5CVSS7.2AI score0.99999EPSS
Exploits19References5
RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.4 views

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.2AI score0.01304EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.2 views

undici 安全漏洞

undici is an HTTP/1.1 client. A security vulnerability exists in undici versions prior to 5.19.1 that stems from vulnerability to regular expression denial of service ReDoS attacks when passing untrusted values to functions...

7.5CVSS7AI score0.01304EPSS
Exploits0References10
Rows per page
Query Builder