8 matches found

OSV
added 5 days ago, 9 views

ROOT-APP-NPM-CVE-2026-1526 CVE-2026-1526 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1526 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 5.8 AI score, 0.0115 EPSS
Exploits: 0

OSV
added 5 days ago, 8 views

ROOT-APP-NPM-CVE-2026-1528 CVE-2026-1528 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1528 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 5.8 AI score, 0.00488 EPSS
Exploits: 0

Snyk
added 2026/06/17 6:21 p.m., 9 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and...

8.7 CVSS, 6.5 AI score, 0.00426 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-30261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as...

3.5 CVSS, 6.4 AI score, 0.00803 EPSS
Exploits: 1, References: 3

RedHat Linux
added 2025/02/13 3:42 p.m., 8 views

undici: Undici Uses Insufficiently Random Values

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

6.8 CVSS, 7.3 AI score, 0.00736 EPSS
Exploits: 0, References: 11

OpenVAS
added 2024/09/10 12:0 a.m., 14 views

Fedora: Security Advisory (FEDORA-2024-ad51aa23c3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 5 AI score, 0.00803 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2022/08/24 1:10 p.m., 50 views

CVE-2022-35948

A flaw was found in the undici package. When requesting unsanitized input on content-type headers, it is possible to inject additional requests via Carriage Return/Line Feed (CRLF). Mitigation: A possible mitigation is to sanitize user input when sending content-type headers...

5.3 CVSS, 3.9 AI score, 0.01203 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2022/07/21 10:48 a.m., 38 views

CVE-2022-31150

A flaw was found in the undici package. When requesting an input on an unsanitized request path, method, or headers, it is possible to inject Carriage Return/Line Feed (CRLF) sequences into these requests...

6.5 CVSS, 3.6 AI score, 0.01158 EPSS
Exploits: 1, References: 3