Nodejs Undici 5.28.2 for Node.js

CPE Details

Nodejs Undici 5.28.2 for Node.js
nodejs
undici
5.28.2
2024-12-17
18h50 +00:00
2024-12-17
18h50 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:nodejs:undici:5.28.2:*:*:*:*:node.js:*:*

Informations

Vendor

nodejs

Product

undici

Version

5.28.2

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-30260 2024-04-04 15h15 +00:00 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
4.3
Moyen
CVE-2024-30261 2024-04-04 15h09 +00:00 Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
3.5
Bas
CVE-2024-24758 2024-02-16 21h40 +00:00 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
4.5
Moyen