Lucene search

Ubuntu.comUB:CVE-2024-30260

HistoryApr 04, 2024 - 12:00 a.m.

CVE-2024-30260

2024-04-0400:00:00

ubuntu.com

undici

http/1.1

vulnerability

patched

version

node.js

authorization

proxy-authorization

headers

fetch()

undici.request()

3.9 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici
cleared Authorization and Proxy-Authorization headers for fetch(), but
did not clear them for undici.request(). This vulnerability was patched
in version(s) 5.28.4 and 6.11.1.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchnode-undici< anyUNKNOWN
ubuntu24.04noarchnode-undici< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	node-undici	< any	UNKNOWN
ubuntu	24.04	noarch	node-undici	< any	UNKNOWN

References

github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f

github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f (v5.28.4)

github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75

github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75 (v6.11.1)

github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7

launchpad.net/bugs/cve/CVE-2024-30260

nvd.nist.gov/vuln/detail/CVE-2024-30260

security-tracker.debian.org/tracker/CVE-2024-30260

www.cve.org/CVERecord?id=CVE-2024-30260

3.9 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for UB:CVE-2024-30260