Nodejs Undici 5.28.0 for Node.js

CPE Details

Nodejs Undici 5.28.0 for Node.js
nodejs
undici
5.28.0
2024-12-17
18h50 +00:00
2024-12-17
18h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nodejs:undici:5.28.0:*:*:*:*:node.js:*:*

Informations

Vendor

nodejs

Product

undici

Version

5.28.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-30260 2024-04-04 15h15 +00:00 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
4.3
Medium
CVE-2024-30261 2024-04-04 15h09 +00:00 Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
3.5
Low
CVE-2024-24758 2024-02-16 21h40 +00:00 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
4.5
Medium