You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch(), but did not clear them for undici.request(). This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
CVE-2024-30260 - Low Severity Vulnerability
Vulnerable Libraries - undici-5.27.2.tgz, undici-5.22.1.tgz, undici-5.11.0.tgz
undici-5.27.2.tgz
Library home page: https://registry.npmjs.org/undici/-/undici-5.27.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
undici-5.22.1.tgz
Library home page: https://registry.npmjs.org/undici/-/undici-5.22.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
undici-5.11.0.tgz
An HTTP/1.1 client, written from scratch for Node.js
Library home page: https://registry.npmjs.org/undici/-/undici-5.11.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for
fetch()
, but did not clear them forundici.request()
. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.Publish Date: 2024-04-04
URL: CVE-2024-30260
CVSS 3 Score Details (3.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-m4v8-wqvr-p9f7
Release Date: 2024-04-04
Fix Resolution: undici - 5.28.4,6.11.1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: