Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
node.js undici

Version >= 6.0.0, < 6.6.1

OTHER 2 CVEs

Known Vulnerabilities

CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.

MEDIUM CVSS 6.5 Published Feb 16, 2024

CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

LOW CVSS 3.9 Published Feb 16, 2024