Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nodejs
Nodejs undici |
|
Weaknesses | CWE-401 | |
CPEs | cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:* | |
Vendors & Products |
Nodejs
Nodejs undici |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-16T21:42:29.999Z
Updated: 2024-08-01T23:28:12.823Z
Reserved: 2024-01-29T20:51:26.009Z
Link: CVE-2024-24750
Vulnrichment
Updated: 2024-08-01T23:28:12.823Z
NVD
Status : Analyzed
Published: 2024-02-16T22:15:07.947
Modified: 2024-12-17T17:40:47.303
Link: CVE-2024-24750
Redhat