CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
Undici is vulnerable to Memory Leakage. The vulnerability is due to the response.arrayBuffer() method, which potentially allows an attacker to exposes sensitive portions of memory from Node.js process depending on the network and process conditions.