Undici@6.0.0 Security Vulnerabilities and Issues — Undici@6.0.0 CVE List

Lucene search

NodejsUndici6.0.0

4 matches found

CVE•added 2024/04/04 3:15 p.m.•110 views

CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

3.5CVSS4.2AI score0.00175EPSS

CVE•added 2024/04/04 4:15 p.m.•103 views

CVE-2024-30260

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch(), but did not clear them for undici.request(). This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

4.3CVSS4.8AI score0.00166EPSS

CVE•added 2024/02/16 10:15 p.m.•98 views

CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarou...

4.5CVSS3.9AI score0.00123EPSS

CVE•added 2024/02/16 10:15 p.m.•53 views

CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgra...

6.5CVSS6.2AI score0.00356EPSS