Nodejs undici 6.4.0 for Node.js

CPE Details

6.4.0
2024-12-17 18h50 +00:00

CPE Name: cpe:2.3:a:nodejs:undici:6.4.0:*:*:*:*:node.js:*:*

Information

Vendor

nodejs

Product

undici

Version

6.4.0

Target Software

node.js

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2024-30260 | 2024-04-04 15h15 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | 4.3 | Medium |
| CVE-2024-30261 | 2024-04-04 15h09 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | 3.5 | Low |
| CVE-2024-24750 | 2024-02-16 21h42 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body. | 6.5 | Medium |
| CVE-2024-24758 | 2024-02-16 21h40 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 4.5 | Medium |