Lucene search

Veracode Vulnerability DatabaseVERACODE:45512

HistoryFeb 19, 2024 - 6:11 a.m.

Denial Of Service (DoS)

2024-02-1906:11:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

undici

vulnerability

dos

software

fetch

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Undici is vulnerable to Denial of Service (DoS). The vulnerability is caused due to calling fetch(URL) and not consuming the incoming body or consuming it very slowly. This potentially leads to Denial of Service (DoS) attacks.

CPENameOperatorVersion
undicile6.6.0
undicile6.6.0

CPE	Name	Operator	Version
	undici	le	6.6.0
	undici	le	6.6.0

References

github.com/advisories/GHSA-9f24-jqhm-jfcw

github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663

github.com/nodejs/undici/releases/tag/v6.6.1

github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw

security.netapp.com/advisory/ntap-20240419-0006/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:45512