Nodejs undici 6.4.0 for Node.js

CPE Details

2024-12-17
18h50 +00:00
2024-12-17
18h50 +00:00

CPE Name: cpe:2.3:a:nodejs:undici:6.4.0:*:*:*:*:node.js:*:*

Information

Vendor

nodejs

Product

undici

Version

6.4.0

Target Software

node.js

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2024-30260 | 2024-04-04 15h15 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | 4.3 | Medium |
| CVE-2024-30261 | 2024-04-04 15h09 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | 3.5 | Low |
| CVE-2024-24750 | 2024-02-16 21h42 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body. | 6.5 | Medium |
| CVE-2024-24758 | 2024-02-16 21h40 +00:00 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 4.5 | Medium |